Mac OS X 10.2.8 Available

Transfan76 writes "The 10.2.8 Update delivers enhanced functionality and improved reliability for the following applications, services and technologies: Audio, Bluetooth, Classic compatibility, Finder, Graphics, LDAP, Power Management, Safari, and FireWire and USB device compatibility. The update also provides updated security services and includes the latest Security Updates." Does this have the update to ssh?

Yes.

[Brazzo]

%ssh -V
OpenSSH_3.4p1+CAN-2003-0693

Yes.

Same as G5s

[MBCook]

Now, this update is NOT FOR G5 OWNERS. That said, does this update basically bring all G3s and G4s to the same as G5s (bugfix and feature/improvement wise, except for 1 or 2 very new ones), or is this above and beyond (since I know that G5s shipped with a newer version of OS X). Thanks.

YAY Update :)

[Puggs]

OK, so how many of you Apple owners saw this, and reached instantly for the Software Update with glee?

And how many thought the same when the latest Windows Bloat Patch ^W^WUpdate came along? not many? thought as much :)

oh the joys of being a proud owner or a 12" PB.....

hmm maybe I need to update my .sig - ... And Mac OS X just gets out of the way, letting you do what you wanted to do...

Re:YAY Update :)

[Otter]

OK, so how many of you Apple owners saw this, and reached instantly for the Software Update with glee?

I dunno -- some of us who remember the iTunes updater fiasco like to wait a day or two before applying patches and updates. If there's a disaster out there, let it be someone else who stumbles across it. Same for Linux kernels, new versions in emerge (do I really need a new point release of awk this minute) and anything else.

I mean, I get your point but Mac users do get burned too, and I'd rather it's you than me.

Re:YAY Update :)

[John+Harrison]

At least Mac users update eventually. Windows users (yes, I am one) apply even old patches in mortal fear that their machines will not function properly. After the last round of "updates" my machine is unable to copy & paste after it has been on for more than about 45 minutes. Another update eliminated the photo viewing tool that had been previously installed with the OS. I need to do a clean install and start over but there isn't time for it now. I will probably just "deal" until I get a new machine. Hopefully that will happen before the end of the year.

where's blaster?

[McAddress]

I have been waiting to get infected with the blaster worm for several weeks now. Will this uodate open a security hole to allow that to happen?

command line software update

[iradik]

[MacLab:~] admin% softwareupdate
Software Update Tool
Copyright 2002 Apple Computer, Inc.

Software Update found the following new or updated software:

- MacOSXUpdate10.2-10.2.8
Mac OS X Update (10.2.8), 41552K - restart required
- iPod201-2.0.1
iPod Software (2.0.1), 16000K
- iPod130-1.3
iPod Software (1.3), 5830K

To install an update, run this tool with the item name as an argument.
e.g. 'softwareupdate <item> ...'

uptime

[edalytical]

Given how frequently Apple updates OS X, I'm never going to have an impressive uptime. The last update was what about 2 weeks ago?

Re:uptime

[CptChipJew]

The MacOS 10.2.6 update is a lot older than 2 weeks.

However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".

Re:uptime

[Juanvaldes]

As another poster said "to be sure", also I bet apple and old school mac users are uneasy with the idea of system updates without a restart. I'm just glad they finally wised up and don't have the iApps force you to restart anymore.

Re:uptime

[babbage]

upgrades have involved reboots in the past because, to improve performace, Apple has implemented part of iTunes as kernel extensions, and any tampering with the kernel requires a fresh boot to ensure stability. Other updates may have been done out of ignorance or habit, but in the case of the iApps, the reboots have generally been unavoidable.

That said, did the 10.2.8 update involve any kernel changes? It's been long enough that there could be a point release to the kernel itself by now, not to mention any other updated kernel extensions. I haven't yet had a chance to inspect the bill of materials (hint: lsbom /Library/Receipts/fooApp.pkg to learn what was updated in a given package), but if anything in there touched the kernel, then a reboot really does has to happen.

Re:uptime

[kwerle]

However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".

I suppose they could try to kill the old sshd and restart it - but that's more trouble than it's worth.

As for uptime complaints because of update...

NEWSFLASH: If you don't wanna lose the uptime, don't update.

Or do it by hand and don't restart. Or just get a grip and realize that it don't matter.

I didn't restart for the Java patch...

Re:uptime

[Have+Blue]

Judging from the change list, it patches the USB, Bluetooth, and audio drivers. Maybe Apple doesn't feel comfortable changing kexts without a reboot.

Re:Yes on SSH

[phamlen]

Amazingly, three people all posted the answer to SSH within 1 minute, but you were first!

Congratulations! You win 4 points of karma!

The other players each lose a point each for being redundant. But they do get a copy of the home game!

Transparent dock now gone

[Froomb]

Otherwise no problems with 10.2.8 so far, but must say I miss my invisible dock background.

XBench

[Nexum]

FWIW, my XBench results under 10.2.6 were 69.99. Under 10.2.8 I have 76.3.

A nice little improvement even if it is a synthetic benchmark it's nice to see Apple striving for optimisation. Hopefully this mindset will be seen in Panther to a much greater degree seeing as being a full .x update the changes to the underlying OS have much greater license.

-Nex

Breaks M-Audio Revolution 7.1

[qengho]

A couple of people have reported to XLR8 Your Mac that their M-Audio Revolution 7.1 cards no longer work after the update. One mentions that M-Audio knows about it and is working on a fix.

Odd monitor gotcha

[thatguywhoiam]

Installed 10.2.8 on a 12" PowerBook (aka 'the footlong'), no discernable problems so far.

An odd thing was that it reset my monitor settings back to 16bit colour ('Thousands'), so you may want to watch out for that. Aqua does such a good job of dithering you probably wouldn't even notice at first.

Another odd thing was that my display went a little funky when doing the cross-fading desktop pictures just a second ago. Fixed itself after the transition was complete, no idea what that's about.

If you're superstitious like me don't forget to do the Repair Permissions trick - its the new Rebuild Desktop - although I had no issues there either.

One last thing, be prepared to have your frickin Keychain pestering you for the next week....

Re:from tech article...

[heychris]

So here's my $50,000 question. Since the newest G4s were supposed to actually have USB 2.0 chipsets in them, but the software was throttling them back to 1.1, does this update magically turn the late G4 MDDs into USB 2.0 machines? CC

more on x-fading pics

[thatguywhoiam]

Just replying to my own post with more info...

The cross-fading desktops feature has a new bug (on a 12" PB anyway) where the secondary monitor - in my case a Sony 17" CRT - screws up the transition effect.

The PowerBook is running at 1024x768/32bit on its main display, and 1280x1024/32bit on the secondary (NOT mirroring).

During the crossfade the first picture suddenly appears to squish to have the horizontal resolution, pushed to the left, and the palette gets munged (purple). It snaps back to normal after the fade but it ain't pretty.

All Recent Security Updates

[Rosyna]

APPLE-SA-2003-09-22 Mac OS X 10.2.8

Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:

OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.

To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f

Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.

fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.

arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.

Re:I HATE MAC'S

INSIDE THE MACHINE oooo... SCARY! Watch your fingers now, something might get up and bite you!

Computer guy eh? Let me ask you a question....

I was writing a paper, on my PC when it went beepbeepbeepbeepbeepbeepbeep, and like half of my paper was gone!

What do you think the problem is?

tell apple you're not satisfied with patch time

[Irevia]

If you're not satisfied that it's taken about a week to patch sendmail and OpenSSH, send them feedback. This is what I sent them (although I don't suggest you say exactly the same!):

I just wanted to make feedback regarding the fact that it's taken a whole week between reports of the OpenSSH and sendmail vulnerabilities and Apple releasing a patch.

As a long-time Unix user just entering the world of OS X (and mostly enjoying it very much), I wanted to note that the FreeBSD project released patches within 24 hours of initial reports, as did many Linux vendors, and that I would expect faster response time from Apple in the future. Delays have a negative effect on the PR image of Apple as well as being a pain for admins and end users!

Thanks for taking the time to read this.

Re:Updated SSH

[LinuxMan]

Wow! I went to that URL, and realized something pretty crazy, if you enter older article numbers, you can see some cool historical stuff. For example: Apple II+: Mini-Assembler (1 of 2) or Apple III: Emulation Mode--Controlling Bit 8 of the RS-232 Port. Kinda cool, though not exactly the topic of this article.

Powerbook G4 1ghz

A good question.

[teamhasnoi]

Here we are (happily) updating our Macs, looking forward to things being fixed, updated and working better, not to mention new features and faster performance.

Has anyone out there *ever* updated Windows and expected it to *speed up* your computer?

I look at Windows update with dread - not knowing what evil new EULA, spyware, bugs and exploits await every trip.

Software Update is something that Apple got *so* right. People *want* to run it. Hell, I check twice a day! Do most Windows users even KNOW about Windows Update??

Another reason I just gave Apple my money.

Re:I HATE MAC'S

[teamhasnoi]

Well, to change the battery, I had to take the screen apart and all the colors fell out!

I called Apple and they said that that wasn't covered under Applecare! I have a paper due, and have 16.5 million colors to put back! Your problems don't amount to a hill of beans, Mister!

Re:The SSH version

[Graff]

Well, this has *an* update to ssh, I dunno if it's *the* update to ssh.

Yep, according to this technote it's *the* update to ssh:

Mac OS X 10.2.8

OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1

sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.

arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.

Re:Where is 10.1.6??

[HSpirit]

That misses the point entirely.

1. When was OSX 10.1 released? After Windows 2000, right? What kind of outcry would there be if Micro$oft announced:

   "There's a critical security update available for Windows XP. The issue affects Windows 2000 too, but we don't support that any more."

   There'd be people wanting to charge Micro$oft with Treason...!
2. If I update the vendor included version with SSH with a version compiled from source, or even a binary not obtained from the vendor, in terms of support I am screwed, no?

I recommended purchase of a Mac in our office recently, due to the fact it could handle both the graphic design and web/mail serving requirements. My boss knows about Jaguar, but his opinion is that he shouldn't have to upgrade only a year after purchasing the Mac - he has a point, surely?

ETHERNET PROBLEM

[gidds]

10.2.8 includes a new version of the internal Ethernet driver; many folks have found it stops their Ethernet from working!

Discussed further here. Respect to Andrew McPherson for coming up with a workaround: make a backup of /System/Library/Extensions/AppleGMACEthernet.kext before upgrading, and restore it afterwards. If you've already upgraded, follow the link for more info.

Small Fonts in Safari

[reiggin]

Very small fonts in Safari render MUCH better now. They are actually legible. Must be an improvement to the Webcore. I can now read the positions on my Yahoo! Fantasy Football roster!

Re:I HATE MAC'S

[tgibbs]

I got the job as I'm the "Computer Guy" and can generally help friends and family with there computer problems. I have never seen such a tragedy of design as the TiBook!

Evidently, you didn't want to endanger your "computer guy" status by actually reading the directions. Besides, I'm sure your friend was very impressed by your extensive and unnecessary disassembly of her Powerbook, and will probably believe you when you blame Apple for the damage that you did.

Oh, by the way, the "easily accessed" slot is on the side, just where it is on a PC, and accepts standard wireless cards. The Airport card is for people who don't want to be bothered unplugging their wireless card every time they want to to put something else in that slot.

Not for G5 per Apple

[djupedal]

>Dumbass, Sir, to you....

TOPIC

This software updates Mac OS X 10.2.6 or 10.2.7 to version 10.2.8.

Important: This update works only with Power Mac G3- and G4-based desktop and portable computers, including iMac, eMac, and iBook. This update does not work with Power Mac G5 computers.

Seperate updates?

[beattie]

Why does everything have to be installed as a system upgrade? There should be seperate updates for SSH, Sendmail, System, ... and then you can choose what to install. This makes it easier for people with 10.1 also. As they can just install the SSH and/or Sendmail without needing 10.2 for the System update. Seems pretty basic to me.