Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Update 2004-09-07

Posted by pudge on from the mo-updates dept.

sizemoresr writes "Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all users of Mac OS X 10.2.8 and later. This update includes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump."

13 of 77 comments (clear)

  1. Apple's forced upgrade plans by ZackSchil · · Score: 5, Funny

    I can't believe Apple would do something like this to 10.2 users! I paid $120 for Mac OS X v10.2 and now Apple refuses to fix critical security flaws in my OS, which is not yet 2 years old. I refuse to pay this annual Apple tax! And what's with the one mouse button, overpriced, non-upgradable hardware, combustible batteries, and abnormally long file copy times. I mean come on my 486 box with... wait, what?

    The update IS for 10.2 and 10.3 users? Oh. Good then. I don't really feel like deleting the other stuff I wrote. Good to get it out of the way anyway, I guess.

    Thanks Apple!

    1. Re:Apple's forced upgrade plans by MarsDefenseMinister · · Score: 5, Funny

      I can't believe Apple would do something like this to 10.2 users!

      I can't believe that Apple has 10.2 users. Nice to see that they are expanding the user base.

      --
      No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
  2. It's 3 o Clock and all's well by mojoviper · · Score: 5, Funny

    At least so far. Nothing's tripping up, no "Shock and Awe"-worthy problems. And most importantly, my Ti-book (10.3.5) still doesn't work like a windows machine.

    --
    Si hoc legere scis nimum eruditionis habes sed iliud latine dici non potest.
  3. Safari bug still there by setesh · · Score: 5, Informative
    Still does not fix the bug where if you load a page that changes a cookie and then immediatelly quit Safari the cookie change is not saved.

    Thought you logged out of your super secret intranet page - no you didnt...

  4. Re:Post Install Experiences Here... by Ford+Prefect · · Score: 5, Funny

    It seemed to install correctly on my iBook, but on rebooting the Apple logo morphed into a deep red pentagram. Flames then started belching from the optical drive, the screen became a window into the lower reaches of hell, sulphurous fumes vented from the keyboard and all the cables caught fire.

    So, seems to be working okay - haven't noticed any other differences, and it's just as stable as it was before. Kind of disappointing, really...

    --
    Tedious Bloggy Stuff - hooray?
  5. Re:AH. Refreshing. by jellomizer · · Score: 5, Insightful

    Well there is a big difference in security fixes. OS X and OSS OS's tend to have a lot of little low level security risks that take a quick little patch to fix. While Windows Security Modle is so flawed they are trying crazy to fix things and there solutions are rather complex because there software and other 3rd Party used these security holes to get around other problems in the system that never worked right. Most of the security holes in OSS are little things like buffer overflows where the programmer needs to put a limit on some pointers and arrays. While Microsofts has that too but the know every thime that is affected they have administer rights.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. rsync? by numbski · · Score: 5, Interesting

    You mean rsync runs correctly in both user and daemon mode????

    On 10.2?

    Yay! I've been trying to get BackupPC to backup our XServe with no luck at all to this point. Finally! I had tried compiling from sources and from Fink and both failed miserably. Something about an OS-specific bug. w00t!

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

    1. Re:rsync? by eLoco · · Score: 5, Informative

      I use the rsync available here because it includes support for HFS+ volumes, meaning it will preserve resource forks. It installs to /usr/local/bin so it doesn't overwrite the existing rsync at /usr/bin. You need to have it installed on all OS X machines that you are syncing between.

      To rsync data that includes files with resource forks from a remote server to a local server via ssh, use something like this:

      /usr/local/bin/rsync -ave ssh --delete --eahfs --rsync-path=/usr/local/bin/rsync \
      <user>@<remoteserver>:<path> <localpath>

      The --eahfs switch is what tells it to preserve resource forks.

      --
      sig != null
  7. Re:Post Install Experiences Here... by jaoswald · · Score: 5, Funny

    So you're saying the interface seems snappier?

  8. killed incoming ftp by ACmtd · · Score: 5, Informative

    This update apparently "secures" the FTP daemon in quite an original way, by rendering it completely inoperable.

    There are a few reports about it on Apple's discussions site.

    The workaround suggested in the above link is to revert to the original ftpd supplied with Panther/Jaguar using the OS X install discs and a tool like Pacifist - though I'm trying to look at the glass as half-full and use this as the kick in the pants I need to start using sftp instead..

  9. Re:Post Install Experiences Here... by hawaiian717 · · Score: 5, Funny

    I think you're posting under the wrong topic. This is Security Update 2004-09-07 for Mac OS X, not Windows XP Service Pack 2.

    --
    End of Line.
  10. rsyncX by Cbs228 · · Score: 5, Informative

    The latest Security Update has (predictably) broken my rsyncX install. I was able to fix this by overwriting /usr/bin/rsync (Apple's rsync) with /usr/local/bin/rsync (which is where rsyncX installs by default). However, be sure to RTF-security information first the version of rsync that rsyncX uses (2.6.0) is not secure in daemon mode (use SSH mode instead).

    --
    At our school, we don't earn a degree when we graduate—we earn pi/180 radians
  11. Web site display is not Apples fault, see here!! by Anonymous Coward · · Score: 5, Informative
    I did some sleuthing today on a Safari bug that came up just after this latest security update, and the problem is not Apple's fault. It's the fault of OpenCube's QuickMenu Pro product, used by FedEx, CompUSA, Best Buy and others. It causes all kinds of garbage menu text to appear before rendering the rest of the page. I reported the error to OpenCube along with the offending line of code in their tdqm_loader.js file.

    update: They wrote me back that they have a fix for it available on their updates page. Of course, it's not me, but the above websites which need to apply the update. (OpenCube lists several places that use this product on their front page on the left, so if anyone wants to email them to update their software, please do. I've got to get to other things tonight.)

    To verify that this isn't a Safari problem, put this identity string into any browser of your choice: "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4.2 (KHTML, like Gecko) Safari/125.9" and go to one of the above sites. The "4" in the WebKit number trips up QuickMenu Pro.


    http://osx.hyperjeff.net

    Good catch Jeff!!