Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
OS X Businesses Operating Systems Apple

Apple Security Update Posted 57

patpro writes "Apple has just released a security update for Mac OS X. It includes Apache 1.3.23, OpenSSH 3.1p1, PHP 4.1.2, rsync 2.5.2, and sudo 1.6.5p2 (among other things). For the moment it's available only via the Software Update pane in System Preferences, but it should be available later at the Apple Downloads Page."
This discussion has been archived. No new comments can be posted.

Apple Security Update Posted

Comments Filter:
  • by White Roses ( 211207 ) on Friday April 05, 2002 @10:17AM (#3290469)
    I like Apple's Software Update, and it certainly makes keeping abreast of security patches easy. But I'd like Apple to take a look at Red Hat's up2date. It runs with a lot less interaction (mine runs in a cron job every night - a list of installed packages is waiting for me in the moring), and is a lot more flexible (I can pick and choose what type of updates to install). OTOH, Apple's Software Update doesn't require an account, as up2date does. But Software Update doesn't seem to be able to install without interaction with me. Of course, I've only been working with it for 5 days now (seems like longer, because it's pretty darn easy to use, one begins to feel like an expert very quickly).

    Other than that, these same updates were available from Red Hat between 2 and 4 weeks ago depending on the package. Apple could be a little faster on the uptake, especially with security patches.

    This is constructive criticism, and nothing more.

    • I'm affraid the rsync 2.5.2 Apple just released for OSX is still vulnerable...

      the FreeBSD-SN-02:01 Security Notice reads this :

      Port name: rsync
      Affected: versions < rsync-2.5.4
      Status: Fixed.
      Incorrect group privilege handling, zlib double-free bug.
      URL:http://online.securityfocus.com/bid/4285
      URL:http://www.rsync.org/

      so what ? is MacOSX immune to the "Incorrect group privilege handling" bug of rsync < 2.5.4 or does Apple just released a buggy sec. update ? This bug appears to be known for 3 weeks now...
    • by Dephex Twin ( 416238 ) on Friday April 05, 2002 @10:37AM (#3290574) Homepage
      It runs with a lot less interaction (mine runs in a cron job every night - a list of installed packages is waiting for me in the moring)

      I think a majority of OS X users like, or at least don't mind, the interaction. I don't want the software update to download or install packages without asking. Even if Apple did want to make this an option, why would they move to this third-party update product, instead of just adding a checkbox "Download and install updates automatically" to the existing app?
      and is a lot more flexible (I can pick and choose what type of updates to install).

      I'm not sure here what is different about what they have in OS X now. One can both pick, as well as choose, the updates one wishes to install. One can also disable a package that is not needed so that the updater doesn't ask about it again.

      mark
      • Agreed about making the option available. That, in fact, was my gripe, really: at this point the option isn't available. Not so much that they should move to a third-party option, just that they might take a look at the third-party's mothodology and emulate it a little. Which would be quite a change for Apple.

        To be honest, I like both methods. The Apple version just seems a little too inflexible (AFAIK, again, not much fiddling with it yet). With Apple, I can check daily, weekly or monthly, but at what time? When I boot up? When the system is idle? Midnight? 4 AM? It's a small quibble at best, but I like that flexibility. As to which packages to install, Red Hat's (seems) to let me pick and choose more, which is not to say that Apple doesn't let me choose at all, just not enough (for me).

        OTOH, none of my Macs have ever really had good access to cron, which OS X has. So I should really just count my blessings and stop bitching because it's not everything I want it to be one year after introduction. 8)

        I'd like a command-line accessible fortune, though. All the versions I've found so far are GUI.

        • Not so much that they should move to a third-party option, just that they might take a look at the third-party's mothodology and emulate it a little. Which would be quite a change for Apple.

          If they thought it was really good, I'm sure Apple would have no qualms about even licensing it (look at SoundJam -> iTunes for example). However, I think that Apple wanted the application to work the way it does. I also would see benefit in an "Advanced Options" section on the software update, where I could set the time update checks are run, and possibly also auto-install options. It just seems like they could easily just add these tiny features on with very little effort (which is why I thought they didn't need to use a 3rd-party app).

          The average Mac user doesn't want to be bothered with these details, though, and for that reason I think the interface should at least default to the way it is.
          I'd like a command-line accessible fortune, though. All the versions I've found so far are GUI.

          I think most Mac users are complaining that they want things to go in the other direction-- that is, many say "Great, I have access to all these Unix apps, but that's worthless to me because they don't have a GUI!"

          But things seem to be coming together more and more all the time.

          mark
        • Re: (Score:1, Informative)

          Comment removed based on user account deletion
    • Same thing for apt-get, although apt-get doesn't require any "account" with Red Hat.
    • But I'd like Apple to take a look at Red Hat's up2date.

      I'd rather see them look at debian's apt-get.
      It's already available via fink [sf.net] for accessing ported unix software, why not make it the official system update mechanism too?

      And, as another post mentions below, rh's up2date has that nasty account requirement, which nobody is a big fan of. Why do we need a profile on their server? Why not create a local profile, and let the client request the stuff it wants? WHY?

      I long for the day that apt-get is the standard package management tool accross unices.
  • PHP Module Replaced (Score:5, Informative)

    by Paul Burney ( 560340 ) on Friday April 05, 2002 @10:24AM (#3290499) Homepage

    This update will replace the current PHP module you have installed.

    Many people use a version of the Apache PHP module compiled for OS X by Marc Liyanage that has PDF/Postgres/curl/gd, etc. enabled, rather than the stock Apple installed module.

    After applying the update, you will need to reinstall the Liyanage module. It only takes 3 minutes. The instructions and download are located here:

    http://www.entropy.ch/software/macosx/php/ [entropy.ch]

  • I keep reading about update problems, but until now, everything has always worked for me.

    This one bombed though. It downloaded, and then I got a message saying that none of the patches had been installed due to "an error".

    The system console was no more explicit. There were reports of problems on Macnn.com as well.

    Has anyone installed it successfully on their system?

    Ted
  • No reboot required! (Score:2, Informative)

    by rgraham ( 199829 )
    Not like these sorts of updates should require a reboot but sometimes they do, like with the recent Airport software update.
  • I would dearly love this update, but my damn Software Update thingy's stopped working. Can't connect, although every other program works. Anyone suggest a solution?
    • find and delete the preferences file for software update. or more advisable, move it out of the preferences folder and make sure it doesnt totally break the app before deleting it.
      ~/library/preferences/com.apple.SWUpdateEngine.pli st
  • Has anyone else had this problem? It's been around for quite a while on my PowerMac G4, and no matter how many security updates I install it doesn't change.

    When I try running SSH, I get

    OpenSSL version mismatch. Built against 90581f, you have 90602f

    So how do I get 90581f, or whatever I actually need?

    Thanks for any help.

    D
    • You likely installed a custom build of OpenSSH at some point in time and now when you run 'ssh' it runs this outdated copy instead of Apple's copy. Outdated here means that it was built against OpenSSL 0.9.4something or 0.9.5something, not the 0.9.6b that is currently provided by Apple.

      Run "which ssh" and see what it tells you. If it says "/usr/local/bin/ssh", you may want to remove that copy of ssh so that it uses Apple's version (/usr/bin/ssh).

Your own mileage may vary.

Working...