Slashdot Mirror


Security Update 2004-09-07

sizemoresr writes "Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all users of Mac OS X 10.2.8 and later. This update includes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump."

5 of 77 comments

  1. Safari bug still there by setesh · · Score: 5, Informative
    Still does not fix the bug where if you load a page that changes a cookie and then immediately quit Safari the cookie change is not saved.

    Thought you logged out of your super secret intranet page - no you didn't...

  2. killed incoming ftp by ACmtd · · Score: 5, Informative

    This update apparently "secures" the FTP daemon in quite an original way, by rendering it completely inoperable.

    There are a few reports about it on Apple's discussions site.

    The workaround suggested in the above link is to revert to the original ftpd supplied with Panther/Jaguar using the OS X install discs and a tool like Pacifist - though I'm trying to look at the glass as half-full and use this as the kick in the pants I need to start using sftp instead..

  3. Re:rsync? by eLoco · · Score: 5, Informative

    I use the rsync available here because it includes support for HFS+ volumes, meaning it will preserve resource forks. It installs to /usr/local/bin so it doesn't overwrite the existing rsync at /usr/bin. You need to have it installed on all OS X machines that you are syncing between.

    To rsync data that includes files with resource forks from a remote server to a local server via ssh, use something like this:

    /usr/local/bin/rsync -ave ssh --delete --eahfs --rsync-path=/usr/local/bin/rsync \
    <user>@<remoteserver>:<path> <localpath>

    The --eahfs switch is what tells it to preserve resource forks.

    --
    sig != null
  4. rsyncX by Cbs228 · · Score: 5, Informative

    The latest Security Update has (predictably) broken my rsyncX install. I was able to fix this by overwriting /usr/bin/rsync (Apple's rsync) with /usr/local/bin/rsync (which is where rsyncX installs by default). However, be sure to RTF-security information first: the version of rsync that rsyncX uses (2.6.0) is not secure in daemon mode (use SSH mode instead).

    --
    At our school, we don't earn a degree when we graduate—we earn pi/180 radians
  5. Web site display is not Apple's fault, see here!! by Anonymous Coward · · Score: 5, Informative
    I did some sleuthing today on a Safari bug that came up just after this latest security update, and the problem is not Apple's fault. It's the fault of OpenCube's QuickMenu Pro product, used by FedEx, CompUSA, Best Buy and others. It causes all kinds of garbage menu text to appear before rendering the rest of the page. I reported the error to OpenCube along with the offending line of code in their tdqm_loader.js file.

    update: They wrote me back that they have a fix for it available on their updates page. Of course, it's not me, but the above websites which need to apply the update. (OpenCube lists several places that use this product on their front page on the left, so if anyone wants to email them to update their software, please do. I've got to get to other things tonight.)

    To verify that this isn't a Safari problem, put this identity string into any browser of your choice: "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4.2 (KHTML, like Gecko) Safari/125.9" and go to one of the above sites. The "4" in the WebKit number trips up QuickMenu Pro.


    http://osx.hyperjeff.net

    Good catch Jeff!!