Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Update 2004-02-23 Released

Posted by pudge on from the now-i-can-use-insecure-operations-securely dept.

dbesade writes "Apple has released a security update for Mac OS X. The update includes changes to disk arbitration, IPsec, the point-to-point protocol, and tcpdump. As usual the changes have not been posted to the Apple Support Website."

33 of 87 comments (clear)

  1. IPSec working.. by -tji · · Score: 4, Informative

    I am not sure what they changed in IPSec, but I installed the updates and my VPN connections are still working fine to a Check Point VPN-1 device.

    I looked through the man page for racoon.conf, and didn't see any functionality updates mentioned there. I was hoping they had added patches for NAT Traversal or xauth.

  2. small download by billbaird · · Score: 3, Informative

    only 1.6 megs, yippee!!

    1. Re:small download by edalytical · · Score: 4, Informative

      Software Update reports it's 5.1 MB, but I'm still running Jag. I'm sure it makes a differences.

      --
      Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
  3. Re:Why didn't you post today's updates by IAmATuringMachine! · · Score: 5, Insightful

    Slashdot isn't quite the place to come for Windows news, but occasionally makes with the scoop. BSD has its own section. Linux typically makes the front page most of the day. Any other questions?

    Why do people come to the Mac section to bitch that there is Mac news in it?

    --
    "Computer Science is no more about computers than astronomy is about telescopes."
    -E. W. Dijkstra
  4. Re:Why didn't you post today's updates by justMichael · · Score: 4, Insightful

    You do relaize that you are reading apple.slashdot.org, right?

    You can find *BSD info here, the linux stuff is pretty much everywhere and Windows has moved to a monthly cycle, so you need to wait a couple more weeks and check here ;)

  5. It still feels weird... by readpunk · · Score: 4, Interesting

    It still feels weird wondering if these MAC issues also mean there are changes/upgrades to be made on *nix systems.

    --

    ./revolution
    1. Re:It still feels weird... by Mr.+Darl+McBride · · Score: 3, Interesting

      Most of those have already been patched in other Unices. I've never seen it stated as policy, but Apple seems to bundle local exploit fixes for scheduled updates, saving remote exploits for the surprise updates.

    2. Re:It still feels weird... by beegle · · Score: 5, Funny
      By MAC, are you referring to the privilege separation of Mandatory Access Control, Ethernet's Medium Access Control (aka "hardware address"), or something else?

      The article was referring to Macintosh (or Mac) issues, and I'm wondering why you're capitalizing the word.

      --
      --
    3. Re:It still feels weird... by JDWTopGuy · · Score: 4, Funny

      MAC: Recursive acronym for the mental disorder "MAC Always Capitalized". Annoying, but not dangerous.

      --
      Ron Paul 2012
    4. Re:It still feels weird... by geoffspear · · Score: 4, Funny

      It's too bad there aren't other ways to make words stand out besides incorrectly capitalizing tHeM.

      --
      Don't blame me; I'm never given mod points.
  6. Apple Support changes list... Tuesday by Gogo+Dodo · · Score: 4, Informative
    The Security Updates page trails by about a day so the list of changes should be up on Tuesday.

    All of Apple Support things seems to trail by about a day. Things must be published at a set schedule.

    1. Re:Apple Support changes list... Tuesday by Demolition · · Score: 3, Informative

      Yes, these updates automatically appear in Software Update. In fact, Security Updates usually appear in Software Update before they appear on Apple's website. The following day, a standalone downloadable updater is made available.

      D.

  7. Re:Why didn't you post today's updates by justMichael · · Score: 2, Insightful
    Doesn't matter what section it is, it's on the first page anyone sees.

    Yeah, as long as you are looking at http://apple.slashdot.org/

    Maybe I'm missing something, but the content I get at http://slashdot.org/ is:

    US Army Scraps Comanche Helicopter
    Posted by simoniker on 2004-02-23 17:35

    Developers: Firebird Relational Database 1.5 Final Out
    Posted by simoniker on 2004-02-23 16:46

    Science: Defending Earth From Asteroids With MADMEN
    Posted by simoniker on 2004-02-23 16:01

    Book Reviews: Learning Unix for Mac OS X Panther
    Posted by timothy on 2004-02-23 15:16

    The only one that is Apple related is the book review.

    Yes, I know he was trying to be an ass, that doesn't mean I have to stay quiet. Maybe he didn't realize he wasn't on the main page, it seems like an easy mistake ;)
  8. More info here by kaan · · Score: 2, Informative

    From this support page at apple.com:

    Security Update 2004-02-23 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:

    DiskArbitration
    IPSec
    Point-to-Point-Protocol
    Safari

    Additionally, Security Update 2003-11-19 has been incorporated into this security update. Those components are:

    gm4
    groff
    Mail w/CRAM-MD5 authentication
    OpenSSL
    Personal File Sharing
    QuickTime for Java
    zlib "gzprintf()" function

    1. Re:More info here by kaan · · Score: 2, Informative

      oops, posted the wrong link before... at a glance, it looks like it contains the same information.

      here is the correct page for 10.3.x at apple.com

  9. Re:Why didn't you post today's updates by Anonymous Coward · · Score: 2, Informative

    Or you could go into your prefs and turn OFF the apple stuff...

  10. Re:changes to..... by hard-mac · · Score: 2, Interesting

    and so far detecting some changes to: sshd sendmail slogin passwd cron top

  11. Re:Works fine so far... by skinfitz · · Score: 4, Funny

    I'll see your Powerbook and raise you 200Mhz.

  12. Re:Problem with security update don't install. by steeviant · · Score: 2, Interesting

    This sounds like one of those trolls where you change the problem and computer model to reflect the story you're posting about. Like the 'freelance gig' one.

  13. Files in distribution by Anonymous Coward · · Score: 5, Informative

    ./System/Library/Frameworks/CoreFoundation.framewo rk/Versions/A/CoreFoundation ./System/Library/Frameworks/CoreFoundation.framewo rk/Versions/A/Resources/Info.plist ./System/Library/Frameworks/CoreFoundation.framewo rk/Versions/A/Resources/version.plist ./System/Library/PrivateFrameworks/DiskArbitration .framework/Versions/A/Resources/Info.plist ./System/Library/PrivateFrameworks/DiskArbitration .framework/Versions/A/Resources/version.plist ./usr/lib/libpcap.A.dylib ./usr/sbin/diskarbitrationd ./usr/sbin/pppd ./usr/sbin/racoon ./usr/sbin/tcpdump

  14. Re:Typical by Anonymous Coward · · Score: 3, Funny

    Congratulations, you've figured out that when you post flamebait it will be moderated as such.

    For a novel experiment, try posting something insightful or informative and see what happens!

  15. Re:Works fine so far... by batobin · · Score: 3, Funny

    I'll see your GHz and raise you a quarter.

  16. Re:Update just screwed me by strazi · · Score: 2, Informative

    Okay, got it fixed. Good thing I had another computer to look up things about Open Firmware and how to reset stuff.

  17. kbase articles by blb · · Score: 5, Informative

    The kbase articles are online, but not mentioned anywhere yet:
    update for 10.2 server
    update for 10.3 client
    update for 10.3 server
    Not sure where 10.2 client is yet...

  18. Re:Why didn't you post today's updates by brasten · · Score: 5, Funny

    As already noted, Linux, *BSD, etc are already well covered on Slashdot. As far as Windows, have YOU ever tried keeping up with their updates/patches? Dear God...

  19. Re:Typical by Anonymous Coward · · Score: 2, Insightful

    This isn't about bashing a story, this is about you deciding it isn't news suitable for posting on apple.slashdot.org.

    It interests Macintosh users, so it's on topic.

    Likewise, any Microsoft story would be relevent on microsoft.slashdot.org if there was one.

    The conclusion remains inescapable: If you're not interested in Apple/Macintosh news, do not pay attention to apple.slashdot.org.

    It isn't as if this was a front page story. Then, you might have reason to complain -- but it would still be offtopic for the discussion associated with the story.

  20. Re:Problem with security update don't install. by Ohreally_factor · · Score: 4, Informative

    You took the bait, and now you look like a schmuck. This is the 20th time I've seen this troll on slashdot, and I'm not an everyday vistor/poster.

    --
    It's not offtopic, dumbass. It's orthogonal.
  21. I fold. by krray · · Score: 2, Funny

    Powerbook 667Mhz, crap hand again. I fold.
    No issues otherwise... :)

  22. Re:Problem with security update don't install. by fredmosby · · Score: 3, Funny

    After using Mac OS X for four years I couldn't help but laugh at this troll. Only a windows user would think the problems listed are even remotely plausible.

  23. Yes, but does it.. by dave1212 · · Score: 5, Funny

    fix the iTunes Pepsi hack?

  24. DiskArbitration by stoffel · · Score: 2, Interesting

    What does that mean??? or should I RTFM :-D

    1. Re:DiskArbitration by squiggleslash · · Score: 2, Funny
      Several makes of hard drive have recently come under scrutiny because of critical failures that can cause the loss of substantial amounts of data. These problems, as well as massively inconveniencing the buyer of the disks, cause problems up and down the line because it can be difficult to replace hard drives with ones guaranteed to work. Complaints and class action lawsuits, greeted by blanket denials and damage limitation exercises through PR rather than technical solutions, have become commonplace.

      What Disk Arbitration seeks to do is create a trusted third party, an arbitrator, that both the manufacturer and the consumer can use to resolve complaints. While neither party will get exactly what they want, they'll at least involve the costs and effort related to legal action and usually end up with a satisfactory settlement.

      If you ask me, it's a very good idea.

      ;-)

      --
      You are not alone. This is not normal. None of this is normal.
  25. Re:Update just screwed me by strazi · · Score: 2, Informative

    "reset-nvram" and then "reset-all" in open firmware, no idea what caused it though