Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Businesses Apple

Apple Posts Security Update 2002-11-21 36

Posted by pudge from the shmecurtiy dept.
Znonymous Coward writes "Apple has released Security Update 2002-11-21 for Mac OS X 10.2 (Jaguar) via the Software Update utility. The update 'fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server.'"
This discussion has been archived. No new comments can be posted.

Apple Posts Security Update 2002-11-21 More

Apple Posts Security Update 2002-11-21

Comments Filter:

  • Ellen (Score:2, Funny)

    by farnsworth ( 558449 )
    Yes yes, BIND updates are all well and good, but does this security update include any info about Ellen Feiss???
  • Really, anybody who cares about MacOS X security updates finds out about them as soon as the software update window pops up automatically telling you to download it. In fact, I'd wager that the person who posted this found out that exact way. So, my question is why is there a slashdot story for every MacOS update when everybody who cares (Read:people with macs) find out automatically anyway? There's got to be some real news to post...

    • Re:Isn't there any better apple news? (Score:5, Insightful)

      by pi radians ( 170660 ) on Friday November 22, 2002 @11:26PM (#4737180)
      Maybe this can be used as a venue for those who want to discuss the update.

      Actually there are a number of accounts that this update causes more harm than good. If this is your main site for Mac news it would be then seen as an excellent place to talk about the new security update.

      It may not be news, but to every Mac user here it is something that will affect them.

    • Re:Isn't there any better apple news? (Score:5, Insightful)

      by qengho ( 54305 ) on Friday November 22, 2002 @11:27PM (#4737183)

      why is there a slashdot story for every MacOS update

      Because not every MacAddlebrained Drone leaves Sofware Update in the default check-every-day mode. For example, I have no interest in Airport updates. Slashdot is actually the most up-to-date notification service I know of, bless its heart.

      • Because not every MacAddlebrained Drone leaves Sofware Update in the default check-every-day mode

        So what I get from this is that Slashdot is of most use to "MacAddlebrained Drones".

      • Re:Isn't there any better apple news? (Score:5, Informative)

        by Bishop923 ( 109840 ) on Saturday November 23, 2002 @01:58AM (#4737503)
        For example, I have no interest in Airport updates.

        You may already know this, but if you dont want to see updates for certain packages, highlight the offending package in the Software Update window and hit Command-minus, or go to the File menu and click "Make Inactive". The package wont bug you to update again until you make it visible.

        Of course I still wouldn't just apply a software update on a production machine till a few days have passed, and the bug reports start flowing in...(Or if you have the luck to have a testing box sitting at your desk to futz with... :-) )
    • I think stories like this provide a good way for people to get the word out if there are problems with updates.

      It usually takes MS and Apple a few days to fess up with their mistakes. The /. crowd keeps everyone in the loop in the meantime (like saying, "Hey, don't install service pack 3").

    • well... (Score:5, Interesting)

      by djupedal ( 584558 ) on Saturday November 23, 2002 @01:24AM (#4737442)
      I read about it here, while in the office, and dropped into my Mac at home via Webmin. I then issued this command:

      softwareupdate 0000

      ..this brought back a reply telling me the correct number of the update, and I reissude the command with the new number. When the update was done, the return message told me the box needed to be restarted. Another command via Webmin, and moments later the box is back online with the update done.

      Not everyone is at the box, nor does everyone keep the udpate agent running, etc.
    • This is news. The discussion following an update is invaluable, not just (as you say) the news of an available update.

      For example, 10.2.2 has under-the-hood changes in AppleEvents. These break Userland Frontier (and perhaps the add-ons like Manilla and Radio). No fix is yet available.

      I read the discussions of updates exactly for news like this.

  • Warning (Score:3)

    by pi radians ( 170660 ) on Friday November 22, 2002 @11:29PM (#4737190)
    There have been a few "incidents" with this update but all in all it seems to be fine.

    For your education. [versiontracker.com]

    • Re:Warning (Score:5, Funny)

      by singularity ( 2031 ) <nowalmart.gmail@com> on Saturday November 23, 2002 @12:07AM (#4737284) Homepage Journal
      Beware listening to any comment posted on VersionTracker.

      The forums seem to be full of people that either just make up symptoms involving the updated software (kernal panics on download of the install"), or reporting problems that are not at all involved with the software ("I installed AIM, and now the power to my water heater failed")

      No matter how safe the updated software (Apple or otherwise), there are always people that will have massive problems.

      I no longer even look at the forums.

      They make reading Slashdot at -1 look like a rational discussion.

  • Pathetic? (Score:4, Interesting)

    by Euphonious Coward ( 189818 ) on Friday November 22, 2002 @11:44PM (#4737232)
    Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?

    I can almost understand about the old-line UNIX houses who have thousands of customers stuck with config files for the old version, but Apple didn't have any of those.

    Somebody please tell me that Macosix comes with both versions, and that the default is BIND 9, but they put 8 on there too for customers upgrading from other systems who want to keep the config files.

    • Re:Pathetic? (Score:4, Insightful)

      by Ster ( 556540 ) on Saturday November 23, 2002 @02:35AM (#4737607)

      BIND is not activated by default on Mac OS X or Mac OS X Server.

      So, unless you intentionally activate it, its really a non-issue. And if you know enough to activate it, then you probably know enough to be up to date.


      -Ster

    • Re:Pathetic? (Score:4, Interesting)

      by Thenomain ( 537937 ) on Saturday November 23, 2002 @09:02AM (#4738158) Homepage
      [i]Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?[/i]

      In that case, why doesn't this recent update install Bind version 9? (It installs 8.3.4.) My guess is that Apple does internal QA to make sure the build doesn't break any other functionality, probably in attempt to keep the "it just works" philosophy going. That they put in an insecure Bind is probably more a "whups".

    • Re:Pathetic? (Score:3, Insightful)

      by Steve Cowan ( 525271 )
      Why did Apple distribute the old and buggy BIND version 8 with their OS when version 9 was already out at the time they released?

      If Apple waited for every latest and greatest component to become available (and tested it) prior to releasing OS updates, they would never release anything.

      This is particularly true of something like BIND, which is not enabled by default anyway!

  • Rebooting (Score:2, Insightful)

    by Znonymous Coward ( 615009 )
    Comparison:

    Apple's software updater forces me to reboot all the time.
    Microsoft makes me reboot after installing a service pack (and every time I "look" at my network settings).
    Redhat's software updater only "asks" me to reboot after a Kernel upgrade is installed.

    I wonder if you have to reboot with software update in Apple's OS X server?

    • Re:Rebooting (Score:5, Informative)

      by bdash ( 598142 ) <slashdot,org&bdash,net,nz> on Saturday November 23, 2002 @12:31AM (#4737341) Homepage
      Your definition of 'all the time' would appear to be different from what I understand it to be. To me, 'all the time' would mean that after _every_ update I would have to reboot. This is not the case. Currently in Software Update I see two updates available for me to install - Internet Explorer 5.2 Security Update and QuickTime. Of these, only QuickTime requires an update. I dont really see how QuickTime should require an reboot, but it is a rather integral part of the OS. Rebooting after security updates that dont involve core OS changes also seems a little wierd.

    • Re:Rebooting (Score:5, Informative)

      by Anonymous Coward on Saturday November 23, 2002 @05:25AM (#4737880)
      You obviously don't understand much about UNIX.

      Of the Software Updates I've installed from Apple, the following required a reboot:

      * BIND (no comment on why Apple shipped ver. 8 instead of ver. 9 - but since it's not enabled by default, what possible reason could Apple have to require it to reboot?)
      >> The OS's resolver library, which is compiled against BIND 8.
      * Mac OSX Update 10.2.2 - Shouldn't this be self-explanitory since the update also included a new and updated kernel?
      * Security Update 9/20/2002

      I did *not* have to reboot for:
      - Backup 1.2.1
      - Quicktime 6.0.2
      - Stuffit Expander Security Update 7.0
      - Airport Software 2.1.1
      - iTunes 3.0.1

      Now, why might there be a reason where one might have to reboot?

      Well, since files are referenced on disk based on their inodes; then if a file is opened by the system, simply overwriting the file will not be sufficient since a new version will have different inode references.

      The old references don't get released until the file closes. Since the kernel typically has the resolver library opened, this can't happen until the system reboots.

      So, to characterize Apple in the same vain as M$ with regards to requiring reboots after software updates, is extremely misguided.

      (And by the way, the same applies to Linux users - but if a linux users updated their BIND version and didn't reboot, their system will continue to use the old library's version until a reboot subsequently occured.)
  • Was it the one where the fix was to turn off recursion?
    • They turned it off, and then they turned it on again, but then I heard they will be turning it off again ....soon.

      "This Security Update fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server."
  • The user ellem on my 10.2.2 box is completely HOSED after rebooting from the latest Auto Update (the one that fixed BIND)

    The only other user (my wife) Lynda logs in fine.

    ellem has:

    No dock
    No background picture (I have blue on the 1/4 of the left side of the screen and black) the rest of the way
    Virtual Desktop no longer starts (Could be the problem)
    And Finder is extra dog slow

    Console says:

    2002-11-23 23:11:46.061 Dock[584] CFLog (0):
    CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be:
    com.apple.desktop.plist -- /Users/ellem/Library/Preferences/
    The parser will retry as in 10.1, but the problem should be corrected in the plist.
    2002-11-23 23:12:00.363 Dock[587] CFLog (0):
    CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be:
    com.apple.desktop.plist -- /Users/ellem/Library/Preferences/
    The parser will retry as in 10.1, but the problem should be corrected in the plist.

    Anyone else?
    Any Ideas?
    • It sounds like your Desktop preferences file was corrupted somehow. Try opening the file /Users/ellem/Library/Preferences/com.apple.desktop .plist (there's no space in that filename) in a text editor (it's just XML). If it looks messed up, you should probably just delete it and let the Finder regenerate it for you, using the defaults.

      I was going to post my plist for you, but Slashdot won't let me.

Slashdot Top Deals

In case of injury notify your superior immediately. He'll kiss it and make it better.

Close