Apple Patches Sendmail Bug Quickly

← Back to Stories (view on slashdot.org)

Apple Patches Sendmail Bug Quickly

Posted by pudge on Monday March 3, 2003 @04:52PM from the mmmmmm-ail dept.

90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."

3 of 74 comments (clear)

Min score:

Reason:

Sort:

Why Wait? by rrf · 2003-03-03 17:43 · Score: 4, Informative

ssh (login)@(yourmacbox)
sudo softwareupdate

Of course, this only works if you have access to it from the outside ;)

--
-- You canna change the laws of physics, Captain; I've got to have thirty minutes!
Insightful, my arse by Xenex · 2003-03-03 21:08 · Score: 4, Informative

"Redhat was much faster. Look at the post on the original slashdot article, Redhat had allready a patch available."

Look at the original Slashdot story yourself. The comment relating to Apple's patch was there within 3 hours of the one relating to Red Hat.

And note, that is when Slashdot mentioned it, not when Apple posted it. Basically, the two companies had patches out at virtually the same time.
Quick, yes, but not as quick as you think by Hanashi · 2003-03-03 23:46 · Score: 3, Informative

It's worth noting the vendors were all notified of the sendmail problem in mid-February. They all agreed to release the patches and the vulnerability announcements on 3 March.
One of my colleagues was complaining about not being notified immediately, but I think the situation was rather well handled (in contrast to some other recent vulnerability disclosures I could name). The vendor patches were available nearly as soon as I had heard of the vulnerability, and I won't even *guess* when the last time that happened to me was.

--
Check out my eclectic infosec blog at InfoSecPotpou