Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Posts Security Update 2002-11-21

Posted by pudge on from the shmecurtiy dept.

Znonymous Coward writes "Apple has released Security Update 2002-11-21 for Mac OS X 10.2 (Jaguar) via the Software Update utility. The update 'fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server.'"

3 of 36 comments (clear)

  1. Pathetic? by Euphonious+Coward · · Score: 4, Interesting
    Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?

    I can almost understand about the old-line UNIX houses who have thousands of customers stuck with config files for the old version, but Apple didn't have any of those.

    Somebody please tell me that Macosix comes with both versions, and that the default is BIND 9, but they put 8 on there too for customers upgrading from other systems who want to keep the config files.

    1. Re:Pathetic? by Thenomain · · Score: 4, Interesting

      [i]Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?[/i]

      In that case, why doesn't this recent update install Bind version 9? (It installs 8.3.4.) My guess is that Apple does internal QA to make sure the build doesn't break any other functionality, probably in attempt to keep the "it just works" philosophy going. That they put in an insecure Bind is probably more a "whups".

      --
      This now concludes our broadcast day.
  2. well... by djupedal · · Score: 5, Interesting

    I read about it here, while in the office, and dropped into my Mac at home via Webmin. I then issued this command:

    softwareupdate 0000

    ..this brought back a reply telling me the correct number of the update, and I reissude the command with the new number. When the update was done, the return message told me the box needed to be restarted. Another command via Webmin, and moments later the box is back online with the update done.

    Not everyone is at the box, nor does everyone keep the udpate agent running, etc.