Slashdot Mirror


Apple Patches Sendmail Bug Quickly

90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."

16 of 74 comments

  1. Re:Sick of editorial bias at this site by Anonymous Coward · · Score: 2, Insightful

    I'm sure if it were Microsoft

    But the fact is it's not Microsoft

    and Microsoft don't do even simple patches this quickly

    you're basing your accusation of bias on "if Microsoft did this". *IF* Microsoft did, then we wouldn't be biased against them.

    Reality's harsh hey.

  2. Why Wait? by rrf · · Score: 4, Informative

    ssh (login)@(yourmacbox)
    sudo softwareupdate

    Of course, this only works if you have access to it from the outside ;)

    --
    -- You canna change the laws of physics, Captain; I've got to have thirty minutes!
    1. Re:Why Wait? by dago · · Score: 4, Funny
      "Of course, this only works if you have access to it from the outside"

      If you don't have access to your box from the outside ...

      • Nobody has access to it -> no need to update now
      • Use the sendmail vulnerability, get root and update


      --
      #include "coucou.h"
  3. They Weren't the Only Ones by themo0c0w · · Score: 4, Insightful

    Looking at bugtraq, RedHat, Mandrake, SuSE, Conectiva, IBM's AIX, FreeBSD, and SGI also updated their sendmail packages. They've all had much advance notice for this, so it is no big surprise they have updates soon (i.e., simultaneously with the release from sendmail.org).

    What would have been more interesting was if Apple hadn't updated their sendmail packages. With them advertising Xserves as big iron, I would hope they would be quick with the patches.

    --
    ph34r teh p0w3r 0f th3 c0w
  4. Hmmmm... by FireBreathingDog · · Score: 3, Funny

    I wonder how long it'll take Microsoft to issue their patch for sendmail...

  5. Warning! by Znonymous+Coward · · Score: 2, Informative

    I had some problems with this update.

    Here is what happened...

    1. Ran SW update.
    2. It took a really long time to "optimize".
    3. "You must reboot", OK.
    4. SBOD (Spinning Beachball of Death).
    5. Let it sit there for about 6 hours (while I was sleeping).
    6. Still SBOD so I powered it off.
    7. File system errors.
    8. When it came back up, it fsck'd and rebooted a couple of times.

    Seems to be working now, anyone else have problems with this update?

    --

    Karma: The shiznight, mostly because I am the Drizzle.

  6. Whoa... by Anonymous Coward · · Score: 4, Funny
    Apple has released Security Update 2002-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, [...]


    Wow, Apple actually patched the hole a year before it was discovered! Time travel?

    1. Re:Whoa... by commodoresloat · · Score: 4, Funny
      Wow, Apple actually patched the hole a year before it was discovered! Time travel?

      Yeah, man. They even posted a first post to this discussion about it, but it got moderated "Troll."

  7. Insightful, my arse by Xenex · · Score: 4, Informative

    "Redhat was much faster. Look at the post on the original slashdot article, Redhat had already a patch available."

    Look at the original Slashdot story yourself. The comment relating to Apple's patch was there within 3 hours of the one relating to Red Hat.

    And note, that is when Slashdot mentioned it, not when Apple posted it. Basically, the two companies had patches out at virtually the same time.

  8. Yay! Update! by tuxedobob · · Score: 2, Funny

    I needed an excuse to reboot my iBook.

    Is anyone else unnerved when there are no new updates for a while? To anything?

  9. Re:score 1 for apple. by commodoresloat · · Score: 5, Insightful

    I'm glad they responded to this quickly, but more glad that sendmail is not enabled by default, and that they try to take minimal security risks on a basic install by turning off a lot of stuff most desktop users don't need. On another note, I am impatient for a fix for the annoying 1969 time/date bug; the workaround they posted is weak.

  10. Quick, yes, but not as quick as you think by Hanashi · · Score: 3, Informative
    It's worth noting the vendors were all notified of the sendmail problem in mid-February. They all agreed to release the patches and the vulnerability announcements on 3 March.

    One of my colleagues was complaining about not being notified immediately, but I think the situation was rather well handled (in contrast to some other recent vulnerability disclosures I could name). The vendor patches were available nearly as soon as I had heard of the vulnerability, and I won't even *guess* when the last time that happened to me was.

    --
    Check out my eclectic infosec blog at InfoSecPotpou
  11. Re:Why do they include sendmail in the first place by Anonymous Coward · · Score: 2, Informative

    Sendmail has a better license than postfix. You love postfix so much? Talk to the authors and get them to release it under BSD. Thanks.

  12. Patch too quick? by jilbert · · Score: 4, Interesting

    I have installed it, restarted, but it came up on Software Update again. So I installed it, restarted, and it is still there on Software Update! Maybe they should have tested it a bit more before pushing it out of the door? (Or there is something weird with my Mac.)

  13. 10.1 still vulnerable by metamatic · · Score: 3, Insightful

    Unfortunately, Apple hasn't bothered to patch 10.1 yet, and there are a lot of people who didn't want to pay $130 for a point release only months after paying full price for 10.1.

    So Apple's doing a substantially worse job than RedHat, who have released patches for the last three major versions of RedHat, plus all the point releases.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  14. Re:score 1 for apple. by am46n · · Score: 2, Funny

    Everybody knows that when macs forget the time they should reset to 1904, not 1970!