Slashdot Mirror


Security Updates Released for Panther and Jaguar

ZackSchil writes "Apple has released security updates for both Mac OS X 10.3.1 and, as promised, 10.2.8. The update to 10.3.1 updates OpenSSL and zlib's gzprintf() function. In addition to those updates, the 10.2.8 update contains changes to gm4, groff, Mail w/CRAM-MD5 authentication, Personal File Sharing, and QuickTime for Java. Run Software Update for more information and to install the updates."

8 of 75 comments

  1. seems to work by for_usenet · · Score: 2, Informative

    I tried the update to 10.2.8, and all seems to be well. Thanks to Apple for keeping the older OS's secure. Now if they'd only let us use 3rd party drives with their Disc-recording software in 10.3, it would be golden !! ;-)

  2. Just downloaded and..... by ihatewinXP · · Score: 4, Informative

    Everything still works. I haven't seen any killer bugs popping up on macfixit or versiontracker either. Also note that the QT Java update is included - fixed one broken site for me that Panther QT had knocked out.

    Oh and a bluetooth update, but my Sony Ericsson already works flawlessly (and still does post-update).

    And yes, it does require a restart for all of you running the "Show Off" uptime screen saver.

    --
    ---- The real Slashdot is still here. You just have to browse at -1 to read the comments.
  3. On a related note by Tengoo · · Score: 2, Informative

    I haven't seen this mentioned yet so I'll pass this tidbit along.
    SecurityTracker has information on a new sudo vulnerability. Only laptops are affected.

    1. Re:On a related note by Anonymous Coward · · Score: 2, Informative

      This is a pretty serious issue, but there are a couple of more practical workarounds than the ones mentioned in the link, until the problem is fixed (if this security update doesn't fix it).

      Users running Panther can also set the "Require password to wake this computer from sleep or screen saver" option in the Security preference pane.

      Jaguar users can grab the program sleepwatcher and make it issue the 'sudo -k' command on sleep.

      Remember though, if someone can get unsupervised access to your laptop, they can usually just walk off with it anyway. So if anyone does get caught out by this bug, it's a sign that they're probably too lax with physical security.

  4. Re:10.3 broke the network gui - fixed soon? by OmniVector · · Score: 1, Informative

    what the hell are you talking about?
    i went to the finder, hit cmd-K, typed in smb://myserver/share, and it instantly mounted on my desktop. i clicked the eject button in the finder's new sidebar and it unmounted just fine.

    --
    - tristan
  5. Re:10.3 broke the network gui - fixed soon? by gobbo · · Score: 3, Informative

    Even if mounted servers don't show on the desktop (one of my user configs obsoletes the desktop anyway, so I personally can understand where you're coming from), they still don't show in the Finder window sidepanel that lists drives and favorites etc. if you've connected using the Network icon. That means no feedback about mounted shares, and no eject button, and even worse behaviour like Finder locking up when you unplug.

    I'd say having to ask someone or look up, then type in ip addresses and protocols is more Old School than (cmd-K, let's see, oh there it is, arrow-right arrow-down-down-down, return key), don't you think? I have more important things to think about than
    smb://obscure-27.someadmincruft.weird-9.domain.con
    and the like.

    Axiom:
    Discovery is better done in the interface than in meatspace.

    Now go and describe how to use this setup to someone who reads Habermas and McLuhan all day and night, and just wants to get to their damn files, or who thinks that Windows was always called XP and Britney is cool.
    [/rant]

  6. Re:OpenSSL? by Frequency+Domain · · Score: 2, Informative

    All three of the machines which I updated today report identical results, a newer version than yours:
    shiva:~ freq$ openssl version
    OpenSSL 0.9.7b 10 Apr 2003

    Is it possible you installed your own copy, say in /usr/local/bin, and then forgot about it? Try running "which openssl", and see if it reports something other than /usr/bin/openssl. Alternatively, explicitly run the system's openssl: "/usr/bin/openssl version".

  7. Fink? by grocer · · Score: 2, Informative

    I did the same thing on my iBook and get the same output:

    [Adam-Laptop:/usr/bin] user% openssl version
    OpenSSL 0.9.7a Feb 19 2003
    [Adam-Laptop:/usr/bin] user%

    Now, the weird thing is there is an openssl command in /usr/bin/ but when I run "which openssl" I get "/sw/bin/openssl" and running "/usr/bin/openssl version" returns "Command not found."

    Now I have to ask why is this?
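
Added example, not part of the original thread or any commenter's code: POSIX shell functions for the check discussed in comments 6 and 7, listing every copy of a command on the search path in lookup order and reporting whether the system copy is the one that actually runs after an update. The function names `find_on_path`, `shadow_status` and `report` are hypothetical; `/usr/bin/openssl` as the system copy is taken from comment 6.

```shell
#!/bin/sh
# Added example: detect a patched system binary being shadowed by another
# copy earlier on PATH (e.g. /sw/bin or /usr/local/bin).

# find_on_path CMD [PATHSTRING]
# Print every executable file named CMD, one per line, in lookup order.
# The body runs in a subshell so IFS and globbing changes do not leak out.
find_on_path() (
    cmd=$1
    search=${2-$PATH}
    IFS=:
    set -f                          # no glob expansion of PATH entries
    for dir in $search; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means current dir
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
)

# shadow_status CMD SYSTEM_COPY [PATHSTRING]
# Print "system" if SYSTEM_COPY is the first match, "shadowed:<path>" if a
# different copy is found first, or "missing" if nothing on the path matches.
shadow_status() {
    first=$(find_on_path "$1" "${3-$PATH}" | head -n 1)
    if [ -z "$first" ]; then
        echo missing
    elif [ "$first" = "$2" ]; then
        echo system
    else
        echo "shadowed:$first"
    fi
}

# report CMD SYSTEM_COPY
# Show the status plus the version string each copy reports, if it runs.
report() {
    echo "$1: $(shadow_status "$1" "$2")"
    find_on_path "$1" | while IFS= read -r p; do
        printf '  %s -> %s\n' "$p" "$("$p" version 2>/dev/null || echo 'did not run')"
    done
}

report openssl /usr/bin/openssl
```

A "shadowed" result means the version printed by a bare `openssl version` comes from the other copy, so it says nothing about whether the system copy was updated.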