Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Businesses Apple

Apple Releases Security Update 2002-08-20 41

Posted by pudge from the here-we-go-again dept.
Prozy.G3 writes "Mac OS X Security Update 2002-08-20 includes updated components (OpenSSL & Security) which provide increased security to prevent unauthorized access to applications, servers, and the operating system. Mac OS X Security Update 2002-08-20 is available either through the Software Update application (System Preferences) or at the Apple Knowledge Base." According to the Knowledge Base, it is for Mac OS X 10.1.5; are these components already in Mac OS X 10.2, or is another update forthcoming?
This discussion has been archived. No new comments can be posted.

Apple Releases Security Update 2002-08-20 More

Apple Releases Security Update 2002-08-20

Comments Filter:

  • Um (Score:3, Insightful)

    by wdr1 ( 31310 ) <wdr1&pobox,com> on Tuesday August 20, 2002 @08:38PM (#4108663) Homepage Journal
    According to the Knowledge Base, it is for Mac OS X 10.1.5; are these components already in Mac OS X 10.2, or is another update forthcoming?

    Wouldn't it be better to find that out from Apple as opposed to asking the general Slashdot audience?

    -Bill
  • 10.2 has OpenSSL 0.9.6b 9 Jul 2001
    Someone compare this in 10.1.5 (type 'openssl' then 'version' to see, if you didnt already know)

    $ Security
    bash: Security: command not found ;)

    • Re:Not for Jag (Score:4, Informative)

      by tm2b ( 42473 ) on Tuesday August 20, 2002 @09:18PM (#4108830) Journal
      Pre-update, 10.1.5 had OpenSSL 0.9.6b 9 Jul 2001.

      Post-update, 10.1.5 has OpenSSL 0.9.6e 30 Jul 2002

      So, it looks like 10.2 will generally be vulnerable until Apple rolls out the Jaguar version of the patch.
    • After the update, I get:
      OpenSSL 0.9.6e 30 Jul 2002
      So Jag will probably require an update too.
    • This is what I have after Security Update 2002-08-02 [apple.com] for 10.1.5:

      [medellia:~] dwc% openssl version
      OpenSSL 0.9.6c 21 dec 2001

      I haven't installed this latest update:

      [medellia:~] dwc% softwareupdate
      Software Update Tool
      Copyright 2002 Apple Computer, Inc.

      Software Update found the following new or updated software:

      - SecurityUpd2002-08-20
      Security Update 2002-08-20 (1.0), 2680K - restart required

      To install an update, run this tool with the item name as an argument.
      e.g. 'softwareupdate ...'

      So, I'm guessing this is for 10.1.5, and that 10.2 will have a separate update for these items (since the CDs have most likely gone into production already).
      • Erm, sorry. That was actually my install of OpenSSL from Fink [sourceforge.net]. The correct version prior to updating is 0.9.6b 9 Jul 2001, and the correct version after updating is 0.9.6e 30 Jul 2002.
  • Maybe i should buy a subscription, (Mozilla 1.0 on 10.2)

    Screen shot [forked.net]
  • On the kbase article apple advise you need a:

    Mac OS X compatible computer

    Note they don't say "Mac OS X compatible Macintosh"

    They're making clones again!

    brought to you by the reading-too-much-into-things dept.

    a grrl & her server [danamania.com]
  • I'm running the release version of Jaguar, and as of right now there is no update available (using Software Update). I guess they're punishing the early early adoptors and waiting until the release date.

  • command line updater? (Score:3, Informative)

    by Anonymous Coward on Wednesday August 21, 2002 @05:19AM (#4110154)
    The previous couple of updates installed a command-line utility to get software updates (/usr/sbin/softwareupdate). Very handy as I usually admin our servers over ssh.

    But at the moment, this new update only shows up in the GUI Software Update panel -- running from the CL tells me "Your software is up to date" and then exits. Anyone know why?
    • Weird, I just updated mine via the command line, as I am logged in to my home box via SSH. See the following:

      Software Update Tool
      Copyright 2002 Apple Computer, Inc.

      Software Update found the following new or updated software:

      - SecurityUpd2002-08-20
      Security Update 2002-08-20 (1.0), 2680K - restart required

      To install an update, run this tool with the item name as an argument.
      e.g. 'softwareupdate ...'

      I thne installed the update via the command line and it worked just fine. Hope this helps!

      -Jeff
    • I did not know about this. Sweet, thank you, thank you very much

      PS it works for me too.

      Anyone know how I can get the SWU to stop telling me about the other languages (w/o installing them?)

  • 10.2 Update (Score:2, Informative)

    by rgraham ( 199829 )
    According to the Knowledge Base, it is for Mac OS X 10.1.5; are these components already in Mac OS X 10.2, or is another update forthcoming?

    There have been reports that Apple will post an update for 10.2 a couple of weeks after it is released to address some security concerns, like the most recent one for 10.1.x and to fix some minor bugs that have shown up since 10.2 went GM.

  • 0.9.6e (Score:2, Interesting)

    by artfulbodger ( 591150 )
    The documentation for the previous security update (Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl) said it included 0.9.6e of OpenSSL. But after I installed the update and checked with "openssl version" it said it was still 0.9.6b.

    This had me worried for a while, and mad at Apple, until someone pointed out that it looked like the update changed the significant libraries, so it probably was patched. Pretty irritating though.

  • Was that restart really necessary? Even for an update that replaces libraries, I would have thought the most that would be required would be to restart the odd daemon, not the whole system!

    I was under the impression the Darwin framework system was sophisticated enough to deal with new versions replacing old on running systems.

    Is this just a holdover in thinking from the OS 9 days?

    • Apple is just being lazy.

      The only time you really need to reboot is if the kernel is updated. You can force quit the updater app if you want to bypass it.
    • As openssl was part of the update, I'm guessing that daemons like apache and sshd would need to be restarted. The best way of taking care of all these would simply be a reboot.
      • Best? A reboot is simple, but I don't think it's the 'best'.

        Apple could walk through the process list and restart any of the standard daemons that needed it. They could suggest that a reboot would be a Good Idea, but I don't think it should be mandatory.

        Debian manages this sort of thing with apt-get just fine without a reboot.

        It's a mindset thing. Someone is still stuck in the 'any change to the system = reboot!' frame.

  • this security update 2002-08-20 appeared (surprise!) on Aug 20th in the SW Update system preferences. I run the update and rebooted.

    However the next day, on the 21st, it appeared again with the same name; I reinstalled it and rebooted the machine again. Now it seems to be fine.

    Anyone else experienced this?

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close