Apple Patches Sendmail Bug Quickly

90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."

Re:Sick of editorial bias at this site

I'm sure if it were Microsoft

But the fact is it's not microsoft

and microsoft don't do even simple patches this quickly

you're basing your accusation of bias on "if microsoft did this". *IF* microsoft did, then we wouldn't be biased against them.

Reality's harsh hey.

They Weren't the Only Ones

[themo0c0w]

Looking at bugtraq, RedHat, Mandrake, SuSE, Connective, IBM's AIX, FreeBSD, and SGI also updated their sendmail packages. They've all had much advance notice for this, so it is no big surprise they have updates soon (i.e., simulaneously with the release from sendmail.org).

What would have been more interesting was if Apple hadn't updated their sendmail packages. With them advertising Xserve's as big iron, I would hope they would be quick with the patches.

Re:score 1 for apple.

[commodoresloat]

I'm glad they responded to this quickly, but more glad that sendmail is not enabled by default, and that they try to take minimal security risks on a basic install by turning off a lot of stuff most desktop users don't need. On another note, I am impatient for a fix for the annoying 1969 time/date bug; the workaround they posted is weak.

10.1 still vulnerable

[metamatic]

Unfortunately, Apple hasn't bothered to patch 10.1 yet, and there are a lot of people who didn't want to pay $130 for a point release only months after paying full price for 10.1.

So Apple's doing a substantially worse job than RedHat, who have released patches for the last three major versions of RedHat, plus all the point releases.