Apple Posts Security Update 2002-11-21 36
Znonymous Coward writes "Apple has released Security Update 2002-11-21 for Mac OS X 10.2 (Jaguar) via the Software Update utility. The update 'fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server.'"
Ellen (Score:2, Funny)
Isn't there any better apple news? (Score:2, Insightful)
Re:Isn't there any better apple news? (Score:5, Insightful)
Actually there are a number of accounts that this update causes more harm than good. If this is your main site for Mac news it would be then seen as an excellent place to talk about the new security update.
It may not be news, but to every Mac user here it is something that will affect them.
Re:Isn't there any better apple news? (Score:5, Insightful)
why is there a slashdot story for every MacOS update
Because not every MacAddlebrained Drone leaves Sofware Update in the default check-every-day mode. For example, I have no interest in Airport updates. Slashdot is actually the most up-to-date notification service I know of, bless its heart.
Re:Isn't there any better apple news? (Score:1, Troll)
So what I get from this is that Slashdot is of most use to "MacAddlebrained Drones".
Re:Isn't there any better apple news? (Score:1, Offtopic)
Re:Isn't there any better apple news? (Score:5, Informative)
You may already know this, but if you dont want to see updates for certain packages, highlight the offending package in the Software Update window and hit Command-minus, or go to the File menu and click "Make Inactive". The package wont bug you to update again until you make it visible.
Of course I still wouldn't just apply a software update on a production machine till a few days have passed, and the bug reports start flowing in...(Or if you have the luck to have a testing box sitting at your desk to futz with...
Re:Isn't there any better apple news? (Score:3, Insightful)
It usually takes MS and Apple a few days to fess up with their mistakes. The
well... (Score:5, Interesting)
softwareupdate 0000
Not everyone is at the box, nor does everyone keep the udpate agent running, etc.
Re:well... (Score:2)
Re:Isn't there any better apple news? (Score:1)
For example, 10.2.2 has under-the-hood changes in AppleEvents. These break Userland Frontier (and perhaps the add-ons like Manilla and Radio). No fix is yet available.
I read the discussions of updates exactly for news like this.
Warning (Score:3)
For your education. [versiontracker.com]
Re:Warning (Score:5, Funny)
The forums seem to be full of people that either just make up symptoms involving the updated software (kernal panics on download of the install"), or reporting problems that are not at all involved with the software ("I installed AIM, and now the power to my water heater failed")
No matter how safe the updated software (Apple or otherwise), there are always people that will have massive problems.
I no longer even look at the forums.
They make reading Slashdot at -1 look like a rational discussion.
Pathetic? (Score:4, Interesting)
I can almost understand about the old-line UNIX houses who have thousands of customers stuck with config files for the old version, but Apple didn't have any of those.
Somebody please tell me that Macosix comes with both versions, and that the default is BIND 9, but they put 8 on there too for customers upgrading from other systems who want to keep the config files.
Re:Pathetic? (Score:4, Insightful)
So, unless you intentionally activate it, its really a non-issue. And if you know enough to activate it, then you probably know enough to be up to date.
-Ster
Re:Pathetic? (Score:4, Interesting)
In that case, why doesn't this recent update install Bind version 9? (It installs 8.3.4.) My guess is that Apple does internal QA to make sure the build doesn't break any other functionality, probably in attempt to keep the "it just works" philosophy going. That they put in an insecure Bind is probably more a "whups".
Re:Pathetic? (Score:3, Insightful)
If Apple waited for every latest and greatest component to become available (and tested it) prior to releasing OS updates, they would never release anything.
This is particularly true of something like BIND, which is not enabled by default anyway!
Rebooting (Score:2, Insightful)
Apple's software updater forces me to reboot all the time.
Microsoft makes me reboot after installing a service pack (and every time I "look" at my network settings).
Redhat's software updater only "asks" me to reboot after a Kernel upgrade is installed.
I wonder if you have to reboot with software update in Apple's OS X server?
Re:Rebooting (Score:5, Informative)
Re:Rebooting (Score:1)
Err... should be only QuickTime requires a reboot.
Re:Rebooting (Score:5, Informative)
Of the Software Updates I've installed from Apple, the following required a reboot:
* BIND (no comment on why Apple shipped ver. 8 instead of ver. 9 - but since it's not enabled by default, what possible reason could Apple have to require it to reboot?)
>> The OS's resolver library, which is compiled against BIND 8.
* Mac OSX Update 10.2.2 - Shouldn't this be self-explanitory since the update also included a new and updated kernel?
* Security Update 9/20/2002
I did *not* have to reboot for:
- Backup 1.2.1
- Quicktime 6.0.2
- Stuffit Expander Security Update 7.0
- Airport Software 2.1.1
- iTunes 3.0.1
Now, why might there be a reason where one might have to reboot?
Well, since files are referenced on disk based on their inodes; then if a file is opened by the system, simply overwriting the file will not be sufficient since a new version will have different inode references.
The old references don't get released until the file closes. Since the kernel typically has the resolver library opened, this can't happen until the system reboots.
So, to characterize Apple in the same vain as M$ with regards to requiring reboots after software updates, is extremely misguided.
(And by the way, the same applies to Linux users - but if a linux users updated their BIND version and didn't reboot, their system will continue to use the old library's version until a reboot subsequently occured.)
What was this bug exactly? (Score:1)
recursion (and what it was, actually) (Score:1, Redundant)
"This Security Update fixes potential vulnerabilities introduced in BIND, the domain server and client library software package from Internet Software Consortium (ISC), that is shipped with Mac OS X and Mac OS X Server. BIND version 8.3.4 addresses the recently-discovered potential vulnerabilities where an unauthorized person may disrupt the normal operation of the DNS name service. BIND is not activated by default on Mac OS X or Mac OS X Server."
Hu hu HOSED my user! (Score:1)
The only other user (my wife) Lynda logs in fine.
ellem has:
No dock
No background picture (I have blue on the 1/4 of the left side of the screen and black) the rest of the way
Virtual Desktop no longer starts (Could be the problem)
And Finder is extra dog slow
Console says:
2002-11-23 23:11:46.061 Dock[584] CFLog (0):
CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be:
com.apple.desktop.plist --
The parser will retry as in 10.1, but the problem should be corrected in the plist.
2002-11-23 23:12:00.363 Dock[587] CFLog (0):
CFPropertyListCreateFromXMLData(): plist parse failed; the data is not proper UTF-8. The file name for this data could be:
com.apple.desktop.plist --
The parser will retry as in 10.1, but the problem should be corrected in the plist.
Anyone else?
Any Ideas?
Re:Hu hu HOSED my user! (Score:1)
Re:Hu hu HOSED my user! (Score:3, Informative)
I was going to post my plist for you, but Slashdot won't let me.