Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Patches Sendmail Bug Quickly

Posted by pudge on from the mmmmmm-ail dept.

90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."

5 of 74 comments (clear)

  1. Why Wait? by rrf · · Score: 4, Informative

    ssh (login)@(yourmacbox)
    sudo softwareupdate

    Of course, this only works if you have access to it from the outside ;)

    --
    -- You canna change the laws of physics, Captain; I've got to have thirty minutes!
  2. Warning! by Znonymous+Coward · · Score: 2, Informative

    I had some problems with this update.

    Here is what happened...

    1. Ran SW update.
    2. I took a really long time to "optimize".
    3. "You must reboot", OK.
    4. SBOD (Spinning Beachball of Death).
    5. Let it sit there for about 6 hours (while I was sleeping).
    6. Still SBOD so I powered it off.
    7. File system errors.
    8. Whit it came backup, it fsckd and rebooted a couple of times.

    Seems to be working now, anyone else have problems with this update?

    --

    Karma: The shiznight, mostly because I am the Drizzle.

  3. Insightful, my arse by Xenex · · Score: 4, Informative

    "Redhat was much faster. Look at the post on the original slashdot article, Redhat had allready a patch available."

    Look at the original Slashdot story yourself. The comment relating to Apple's patch was there within 3 hours of the one relating to Red Hat.

    And note, that is when Slashdot mentioned it, not when Apple posted it. Basically, the two companies had patches out at virtually the same time.

  4. Quick, yes, but not as quick as you think by Hanashi · · Score: 3, Informative
    It's worth noting the vendors were all notified of the sendmail problem in mid-February. They all agreed to release the patches and the vulnerability announcements on 3 March.

    One of my colleagues was complaining about not being notified immediately, but I think the situation was rather well handled (in contrast to some other recent vulnerability disclosures I could name). The vendor patches were available nearly as soon as I had heard of the vulnerability, and I won't even *guess* when the last time that happened to me was.

    --
    Check out my eclectic infosec blog at InfoSecPotpou
  5. Re:Why do they include sendmail in the first place by Anonymous Coward · · Score: 2, Informative

    Sendmail has a better license than postfix. You love postfix so much? Talk to the authors and get them to release it under BSD. Thanks.