Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Patches Sendmail Bug Quickly

Posted by pudge on from the mmmmmm-ail dept.

90XDoubleSide writes "Apple has released Security Update 2003-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, and includes a newer version of OpenSSL. Seems that Apple is getting much faster with their patches."

8 of 74 comments (clear)

  1. Why Wait? by rrf · · Score: 4, Informative

    ssh (login)@(yourmacbox)
    sudo softwareupdate

    Of course, this only works if you have access to it from the outside ;)

    --
    -- You canna change the laws of physics, Captain; I've got to have thirty minutes!
    1. Re:Why Wait? by dago · · Score: 4, Funny
      "Of course, this only works if you have access to it from the outside"

      If you don't have access to your box from the outside ...

      • Nobody has access to it -> no need to update now
      • Use the sendmail vulnerability, got root and update


      --
      #include "coucou.h"
  2. They Weren't the Only Ones by themo0c0w · · Score: 4, Insightful

    Looking at bugtraq, RedHat, Mandrake, SuSE, Connective, IBM's AIX, FreeBSD, and SGI also updated their sendmail packages. They've all had much advance notice for this, so it is no big surprise they have updates soon (i.e., simulaneously with the release from sendmail.org).

    What would have been more interesting was if Apple hadn't updated their sendmail packages. With them advertising Xserve's as big iron, I would hope they would be quick with the patches.

    --
    ph34r teh p0w3r 0f th3 c0w
  3. Whoa... by Anonymous Coward · · Score: 4, Funny
    Apple has released Security Update 2002-03-03 (available through Software Update) which addresses the sendmail vulnerability reported earlier today, [...]


    Wow, Apple actually patched the hole a year before it was discovered! Time travel?

    1. Re:Whoa... by commodoresloat · · Score: 4, Funny
      Wow, Apple actually patched the hole a year before it was discovered! Time travel?

      Yeah, man. They even posted a first post to this discussion about it, but it got moderated "Troll."

  4. Insightful, my arse by Xenex · · Score: 4, Informative

    "Redhat was much faster. Look at the post on the original slashdot article, Redhat had allready a patch available."

    Look at the original Slashdot story yourself. The comment relating to Apple's patch was there within 3 hours of the one relating to Red Hat.

    And note, that is when Slashdot mentioned it, not when Apple posted it. Basically, the two companies had patches out at virtually the same time.

  5. Re:score 1 for apple. by commodoresloat · · Score: 5, Insightful

    I'm glad they responded to this quickly, but more glad that sendmail is not enabled by default, and that they try to take minimal security risks on a basic install by turning off a lot of stuff most desktop users don't need. On another note, I am impatient for a fix for the annoying 1969 time/date bug; the workaround they posted is weak.

  6. Patch too quick? by jilbert · · Score: 4, Interesting

    I have installed it, restarted, but it came up on Software Update again. So I installed it, restared, and it is still there on Software Update! Maybe they should have tested it a bit more before pushing it out of the door? (Or there is something weird with my Mac.)