Slashdot Mirror
Apple Patches Sendmail Bug Quickly
90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."
that was very quick response from them, I look foward to updating my work machine tomorrow.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
I'm sure if it were Microsoft
But the fact is it's not microsoft
and microsoft don't do even simple patches this quickly
you're basing your accusation of bias on "if microsoft did this". *IF* microsoft did, then we wouldn't be biased against them.
Reality's harsh hey.
C'mon guys, I have the Jobs shrine in my bedroom closet like the rest of you, but apple (and everybody else) had WEEKS to prepare for the announcement today.
Hell, even if they did put out the fix on short notice, is that newsworthy? that's EXPECTED!
And I notice it included the recent OpenSSL fix from a few days ago. What took them so long on THAT one? (I know, they were waiting for today's announcement to do them together. But why didn't they just release two seperate fixes?)
Let's not take the apple worship TOO far.
ssh (login)@(yourmacbox)
;)
sudo softwareupdate
Of course, this only works if you have access to it from the outside
-- You canna change the laws of physics, Captain; I've got to have thirty minutes!
Looking at bugtraq, RedHat, Mandrake, SuSE, Connective, IBM's AIX, FreeBSD, and SGI also updated their sendmail packages. They've all had much advance notice for this, so it is no big surprise they have updates soon (i.e., simulaneously with the release from sendmail.org).
What would have been more interesting was if Apple hadn't updated their sendmail packages. With them advertising Xserve's as big iron, I would hope they would be quick with the patches.
ph34r teh p0w3r 0f th3 c0w
I wonder how long it'll take Microsoft to issue their patch for sendmail...
Shame on Google.
I had some problems with this update.
Here is what happened...
1. Ran SW update.
2. I took a really long time to "optimize".
3. "You must reboot", OK.
4. SBOD (Spinning Beachball of Death).
5. Let it sit there for about 6 hours (while I was sleeping).
6. Still SBOD so I powered it off.
7. File system errors.
8. Whit it came backup, it fsckd and rebooted a couple of times.
Seems to be working now, anyone else have problems with this update?
Karma: The shiznight, mostly because I am the Drizzle.
Wow, Apple actually patched the hole a year before it was discovered! Time travel?
"Redhat was much faster. Look at the post on the original slashdot article, Redhat had allready a patch available."
Look at the original Slashdot story yourself. The comment relating to Apple's patch was there within 3 hours of the one relating to Red Hat.
And note, that is when Slashdot mentioned it, not when Apple posted it. Basically, the two companies had patches out at virtually the same time.
I needed an excuse to reboot my iBook.
Is anyone else unnerved when there are no new updates for a while? To anything?
Too bad we can't say the same for J2SE 1.4 and J2EE.
Come on, man, we need some more consequential numbers here. How many posts to Usenet about OS X in the past year?
Wow.. This makes more sense than any comment I've ever read. Thanks Mr. Coward!
Damn you.. You've defeated me both in the speed of your response and wit as well..
I surrender.
One of my colleagues was complaining about not being notified immediately, but I think the situation was rather well handled (in contrast to some other recent vulnerability disclosures I could name). The vendor patches were available nearly as soon as I had heard of the vulnerability, and I won't even *guess* when the last time that happened to me was.
Check out my eclectic infosec blog at InfoSecPotpou
I agree that it is a good thing sendmail is not enabled by default.
But why do they include it in the first place? They could include postfix instead which is known to be much more secure. (As I do not want to start an MTA war here: yes, they might as well go for qmail, which is also known to be more secure than sendmail.)
Sendmail has a better license than postfix. You love postfix so much? Talk to the authors and get them to release it under BSD. Thanks.
sendmail has vunerabilities?? ;)
For OS X, the updating can be done by 2 mouse clicks with the Software Update tool. How long does it take on other system. I know it takes much longer to do Windows updating.
I have installed it, restarted, but it came up on Software Update again. So I installed it, restared, and it is still there on Software Update! Maybe they should have tested it a bit more before pushing it out of the door? (Or there is something weird with my Mac.)
Heh, the title was bad. I should have rewritten it, I just used what the submission had. It was late, my bad. But you're right, saying "if Microsoft did this" is just laughable. :-)
Unfortunately, Apple hasn't bothered to patch 10.1 yet, and there are a lot of people who didn't want to pay $130 for a point release only months after paying full price for 10.1.
So Apple's doing a substantially worse job than RedHat, who have released patches for the last three major versions of RedHat, plus all the point releases.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Sure it is quick for me to update, once the patch was made available, but the point is, when I saw the posting on Slashdot, I went to software updates, and there was no update there.
.
If I ran an ISP, I would rather the patch be made immediately available, why did Apple not have their patch released as others did when the annoucement was made? Can you imagine me saying to my customers, I'm sorry I choose Apple not Redhat, you can not send e-mail for the next while (undetermined amount of time) while I keep the mail server offline waiting for a patch. . .
Now obviously I could manually put in a patch from Sendmail, but hey I picked OS X because of its ease of use . .
Oh, and then I would have to explain why the late coming of the ssl patch too . . .
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Daniel
http://people.cinn.ca/daniel/
Within hours of reading about the bug I noticed the patch published in versiontracker.com. Probably minutes after I finished the patch, johncompanies sends me an email with exact instructions on how to patch my freeBSD jail server. I am positive all this happened within an hour!
Pedro
----
The Insomniac Coder
Oh well.. there goes the karma..
Googlism for: steve jobs
steve jobs is an innovation leader in this industry
steve jobs is right on target with where apple must go
steve jobs is the man
steve jobs is a visionary in the world of personal computers that led the entire computer hardware and software industry to restructure itself
steve jobs is supreme over steve wozniak
steve jobs is not your friend
steve jobs is running the company
steve jobs is the ceo of apple
steve jobs is the man staff report
steve jobs is simply a fluke by jim dalrymple
steve jobs is an innovation leader in this industry jimmy greene
steve jobs is right on target with where apple must go to survive
steve jobs is that he's a fair
steve jobs is so obsessed with toy story he can barely stay in his seat when talking about it
steve jobs is telling us things are going to continue to get worse
steve jobs is one of the big names in the computer industry
steve jobs is not particularly interested in doing
steve jobs is ceo for as long as he may choose
steve jobs is invited to see the graphical user interface which has been developed by xerox
steve jobs is the rosetta stone of high tech
steve jobs is a nine fire in japanese astrology
steve jobs is a compelling look at an individual who has changed the face of technology and entertainment for the twenty
steve jobs is anywhere close to what one might define as normal
steve jobs is still very much involved with the company
steve jobs is a master of keeping his message simple
steve jobs is nothing but my imagination
steve jobs is full of shit
steve jobs is still an asshole out to screw the apple faithful in the same easy manner that he's done similar takes with co
steve jobs is in the pressure cooker once again
steve jobs is at it again
steve jobs is the ceo of apple computer
steve jobs is ceo of pixar animation studios
steve jobs is co
steve jobs is still hanging out as apple computer's interim chief executive officer a year after the company gave its last ceo
steve jobs is not that he revolutionized computing in the 1980s
steve jobs is the chairman of the board in apple computer inc
steve jobs is a genius
steve jobs is credited with most of the credit for building apple computers
steve jobs is currently ceo of apple computer corporation but only after a long and tumultuous history
steve jobs is the co
steve jobs is one of four action figures
steve jobs is on time's cover this week
steve jobs is even more remarkable
steve jobs is een aparte figuur in de it
steve jobs is more that just a smart guy
steve jobs is well known for many things
steve jobs is available for instant download
steve jobs is a complicated character
steve jobs is missing from c
steve jobs is scheduled to take the stage at the big sight auditorium in tokyo to deliver the macworld tokyo 2002 keynote beginning at 7
steve jobs is chairman and ceo of pixar
steve jobs is that at least gil had the sense to give his machines different names and market bases
steve jobs is osama bin laden
steve jobs is now running apple computer; but even that is a rumor
steve jobs is a lousy manager
steve jobs is currently the president of next
steve jobs is now back with apple after being ousted in 1985
steve jobs is misschien niet de meest briljante informatietechnoloog
steve jobs is the first name mentioned
steve jobs is not your friend - applelinks
steve jobs is a personal hero of mine
steve jobs is an egotistical jerk with a romantic streak
steve jobs is not exactly a slouch in the enrichment department
steve jobs is more foolish the second time around and better prepared to lead apple into the new millennium than he was 20 years ago?
steve jobs is also pixar's ceo
steve jobs is apple's focus group
steve jobs is nothing if not a pragmatist
steve jobs is gonna make a presentation of the imac
steve jobs is to computers what the beatles were to music
steve jobs is boring and profitable
steve jobs is right on target with where apple must go
steve jobs is an innovation leader in this industry
steve jobs is still very much involved with the company
steve jobs is supreme over steve wozniak
steve jobs is a visionary in the world of personal computers that led the entire computer hardware and software industry to restructure itself
steve jobs is best suited to address
steve jobs is a genius
steve jobs is boring and profitable by paul kapustka september 8
steve jobs is right on target with where apple must go to survive
steve jobs is an innovation leader in this industry jimmy greene
steve jobs is the man to have running apple
steve jobs is doing it his way
steve jobs is in the pressure cooker once again
steve jobs is that he's a fair
steve jobs is the man staff report
steve jobs is so obsessed with toy story he can barely stay in his seat when talking about it
steve jobs is telling us things are going to continue to get worse
steve jobs is invited to see the graphical user interface which has been developed by xerox
steve jobs is anywhere close to what one might define as normal
steve jobs is one of the big names in the computer industry
steve jobs is available for instant download
steve jobs is slowly taking america on a digital lifestyle
steve jobs is ceo of pixar animation studios
steve jobs is trying to kill me
steve jobs is wearing a black sweater
steve jobs is a compelling look at an individual who has changed the face of technology and entertainment for the twenty
steve jobs is scheduled to take the stage at the big sight auditorium in tokyo to deliver the macworld tokyo 2002 keynote beginning at 7
steve jobs is missing from c
steve jobs is still an asshole out to screw the apple faithful in the same easy manner that he's done similar takes with co
steve jobs is the chairman of the board in apple computer inc
steve jobs is not that he revolutionized computing in the 1980s
steve jobs is still hanging out as apple computer's interim chief executive officer a year after the company gave its last ceo
steve jobs is one of four action figures
steve jobs is on time's cover this week
steve jobs is the co
steve jobs is even more remarkable
steve jobs is currently ceo of apple computer corporation but only after a long and tumultuous history
steve jobs is credited with most of the credit for building apple computers
steve jobs is currently the president of next
steve jobs is chairman and ceo of pixar
steve jobs is trying to
steve jobs is that at least gil had the sense to give his machines different names and market bases
steve jobs is guiding the company toward the high
steve jobs is more that just a smart guy
steve jobs is well known for many things
steve jobs is now running apple computer; but even that is a rumor
steve jobs is apple's focus group
steve jobs is a complicated character
steve jobs is een aparte figuur in de it
steve jobs is also pixar's ceo
steve jobs is now back with apple after being ousted in 1985
steve jobs is the first name mentioned
steve jobs is not your friend - applelinks
steve jobs is going to get it into
steve jobs is not exactly a slouch in the enrichment department
steve jobs is more foolish the second time around and better prepared to lead apple into the new millennium than he was 20 years ago?
steve jobs is also the ceo of pixar
steve jobs is boring and profitable
steve jobs is right on target with where apple must go
steve jobs is an innovation leader in this industry
steve jobs is the man to have running
steve jobs is a visionary in the world of personal computers that led the entire computer hardware and software industry to restructure itself
steve jobs is right on target with where apple must go to survive
steve jobs is so obsessed with toy story he can barely stay in his seat when talking about it
steve jobs is telling us things are going to continue to get worse
steve jobs is invited to see the graphical user interface which has been developed by xerox
steve jobs is anywhere close to what one might define as normal
steve jobs is one of the big names in the computer industry
steve jobs is available for instant download
steve jobs is slowly taking america on a digital lifestyle
steve jobs is a compelling look at an individual who has changed the face of technology and entertainment for the twenty
steve jobs is scheduled to take the stage at the big sight auditorium in tokyo to deliver the macworld tokyo 2002 keynote beginning at 7
steve jobs is nothing but my imagination
steve jobs is a master of keeping his message simple
steve jobs is the ceo of apple computer
steve jobs is still an asshole out to screw the apple faithful in the same easy manner that he's done similar takes with co
steve jobs is the chairman of the board in apple computer inc
steve jobs is not that he revolutionized computing in the 1980s
steve jobs is still hanging out as apple computer's interim chief executive officer a year after the company gave its last ceo
steve jobs is currently ceo of apple computer corporation but only after a long and tumultuous history
steve jobs is credited with most of the credit for building apple computers
steve jobs is that at least gil had the sense to give his machines different names and market bases
steve jobs is guiding the company toward the high
steve jobs is more that just a smart guy
steve jobs is well known for many things
steve jobs is now running apple computer; but even that is a rumor
steve jobs is also pixar's ceo
steve jobs is now back with apple after being ousted in 1985
steve jobs is worshipped like a rock star
steve jobs is nothing if not a pragmatist
steve jobs is not exactly a slouch in the enrichment department
steve jobs is more foolish the second time around and better prepared to lead apple into the new millennium than he was 20 years ago?
steve jobs is also the ceo of pixar