Mac OS X 10.2.8 Available

Transfan76 writes "The 10.2.8 Update delivers enhanced functionality and improved reliability for the following applications, services and technologies: Audio, Bluetooth, Classic compatibility, Finder, Graphics, LDAP, Power Management, Safari, and FireWire and USB device compatibility. The update also provides updated security services and includes the latest Security Updates." Does this have the update to ssh?

Yes.

[Brazzo]

%ssh -V
OpenSSH_3.4p1+CAN-2003-0693

Yes.

Odd monitor gotcha

[thatguywhoiam]

Installed 10.2.8 on a 12" PowerBook (aka 'the footlong'), no discernable problems so far.

An odd thing was that it reset my monitor settings back to 16bit colour ('Thousands'), so you may want to watch out for that. Aqua does such a good job of dithering you probably wouldn't even notice at first.

Another odd thing was that my display went a little funky when doing the cross-fading desktop pictures just a second ago. Fixed itself after the transition was complete, no idea what that's about.

If you're superstitious like me don't forget to do the Repair Permissions trick - its the new Rebuild Desktop - although I had no issues there either.

One last thing, be prepared to have your frickin Keychain pestering you for the next week....

All Recent Security Updates

[Rosyna]

APPLE-SA-2003-09-22 Mac OS X 10.2.8

Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:

OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.

To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f

Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.

fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.

arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.

Re:The SSH version

[Graff]

Well, this has *an* update to ssh, I dunno if it's *the* update to ssh.

Yep, according to this technote it's *the* update to ssh:

Mac OS X 10.2.8

OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1

sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.

arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.

ETHERNET PROBLEM

[gidds]

10.2.8 includes a new version of the internal Ethernet driver; many folks have found it stops their Ethernet from working!

Discussed further here. Respect to Andrew McPherson for coming up with a workaround: make a backup of /System/Library/Extensions/AppleGMACEthernet.kext before upgrading, and restore it afterwards. If you've already upgraded, follow the link for more info.