Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
OS X Businesses Operating Systems Upgrades Apple

Mac OS X 10.2.8 Available 280

Transfan76 writes "The 10.2.8 Update delivers enhanced functionality and improved reliability for the following applications, services and technologies: Audio, Bluetooth, Classic compatibility, Finder, Graphics, LDAP, Power Management, Safari, and FireWire and USB device compatibility. The update also provides updated security services and includes the latest Security Updates." Does this have the update to ssh?
This discussion has been archived. No new comments can be posted.

Mac OS X 10.2.8 Available

Comments Filter:
  • Yes. (Score:5, Informative)

    by Brazzo ( 22202 ) on Monday September 22, 2003 @05:33PM (#7028847) Homepage
    %ssh -V
    OpenSSH_3.4p1+CAN-2003-0693
    Yes.
    • by phamlen ( 304054 ) <`moc.liam' `ta' `nelmahp'> on Monday September 22, 2003 @06:06PM (#7029130) Homepage
      Amazingly, three people all posted the answer to SSH within 1 minute, but you were first!

      Congratulations! You win 4 points of karma!

      The other players each lose a point each for being redundant. But they do get a copy of the home game!
    • Re:Yes. (Score:2, Informative)

      by raju1kabir ( 251972 )
      OpenSSH_3.4p1+CAN-2003-0693

      They're behind by one. See CAN-2003-0695 [mitre.org].

      • See Apple's Security [apple.com] page:

        Mac OS X 10.2.8

        OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1

        sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

        fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.

        arplookup(): Fix
    • Re:Yes. (Score:2, Insightful)

      by fermion ( 181285 )
      Well, I assumed the anti-mac frat boys would take mention this, but evidently the years of cheap beer and Dawson Creek has dulled their minds...

      I really must say that Apple putting a security patch and a feature update together in the same download is really horrible. We have been justifiable criticizing MS for doing the same things, and they finally got the message.

      With the Software Update interface in OS X such combinations are unnecessary. All updates are automatically checked, so there is no extr

      • If you're not happy, just install Fink, compile OpenSSH 3.7.1p1 and enable it instead of Apple's version.

        That's what a lot of us did.
  • Same as G5s (Score:5, Informative)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday September 22, 2003 @05:33PM (#7028851) Homepage
    Now, this update is NOT FOR G5 OWNERS. That said, does this update basically bring all G3s and G4s to the same as G5s (bugfix and feature/improvement wise, except for 1 or 2 very new ones), or is this above and beyond (since I know that G5s shipped with a newer version of OS X). Thanks.
  • Updated SSH (Score:2, Informative)

    by ZxCv ( 6138 ) *
    No official word on the updated SSH, but the version string has been changed from "OpenSSH_3.4p1" to "OpenSSH_3.4p1+CAN-2003-0693".

    Soooo, I'd have to guess that, yes, it is fixed.
  • The SSH version (Score:2, Informative)

    Well, this has *an* update to ssh, I dunno if it's *the* update to ssh.

    The version string changes to:
    OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f

    From:
    OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f

    So it's still 3.4, but it looks like they added some patch.
    • Re:The SSH version (Score:5, Informative)

      by Graff ( 532189 ) on Monday September 22, 2003 @08:40PM (#7030154)
      Well, this has *an* update to ssh, I dunno if it's *the* update to ssh.

      Yep, according to this technote [apple.com] it's *the* update to ssh:
      Mac OS X 10.2.8

      OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1

      sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

      fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.

      arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.
  • YAY Update :) (Score:4, Insightful)

    by Puggs ( 562473 ) <slashdot@schiz n i k . c om> on Monday September 22, 2003 @05:41PM (#7028940) Homepage
    OK, so how many of you Apple owners saw this, and reached instantly for the Software Update with glee?

    And how many thought the same when the latest Windows Bloat Patch ^W^WUpdate came along? not many? thought as much :)

    oh the joys of being a proud owner or a 12" PB.....

    hmm maybe I need to update my .sig - ... And Mac OS X just gets out of the way, letting you do what you wanted to do...

    • Re:YAY Update :) (Score:5, Insightful)

      by Otter ( 3800 ) on Monday September 22, 2003 @05:54PM (#7029041) Journal
      OK, so how many of you Apple owners saw this, and reached instantly for the Software Update with glee?

      I dunno -- some of us who remember the iTunes updater fiasco like to wait a day or two before applying patches and updates. If there's a disaster out there, let it be someone else who stumbles across it. Same for Linux kernels, new versions in emerge (do I really need a new point release of awk this minute) and anything else.

      I mean, I get your point but Mac users do get burned too, and I'd rather it's you than me.

      • Re:YAY Update :) (Score:4, Interesting)

        by John Harrison ( 223649 ) <.johnharrison. .at. .gmail.com.> on Monday September 22, 2003 @07:44PM (#7029794) Homepage Journal
        At least Mac users update eventually. Windows users (yes, I am one) apply even old patches in mortal fear that their machines will not function properly. After the last round of "updates" my machine is unable to copy & paste after it has been on for more than about 45 minutes. Another update eliminated the photo viewing tool that had been previously installed with the OS. I need to do a clean install and start over but there isn't time for it now. I will probably just "deal" until I get a new machine. Hopefully that will happen before the end of the year.
        • Another update eliminated the photo viewing tool that had been previously installed with the OS.

          That's not a bug, it's a DRM thing.
    • You are exactly right. I still have the little "update is needed" icon up on my computer at work (Win2000). I just don't feel safe installing those things as soon as they pop up (which is ironic, 'cause that's what everyone was bitching about with the Blaster Worm. "You have to install these things right away". Suuuuure...). Yet I got home last night, checked mail and Slashdot and saw the update. So I promptly prepped my TiBook for the update without even thinking twice about it.

      And here I am back at wor
  • Windows on external displays connected to some PowerBook computers are drawn better.
    The Bluetooth menu bar item works better when a Bluetooth USB adapter is disconnected and reconnected.
    Addresses a situation in which an external FireWire storage device would not become available (mount) and this message would appear: "A disk attempting to mount as 'unknown' has failed. Please use Disk Utility to check the disk."
    Addresses an issue in which some Bluetooth devices may not be available after the computer wakes
    • by heychris ( 587825 ) on Monday September 22, 2003 @06:47PM (#7029399)
      So here's my $50,000 question. Since the newest G4s were supposed to actually have USB 2.0 chipsets in them, but the software was throttling them back to 1.1, does this update magically turn the late G4 MDDs into USB 2.0 machines? CC
      • I don't have any USB 2.0 (high-speed) devices but my Ratoc USB/Firewire combo card has its EHCI device enabled according to ioreg. 10.2.6 showed all devices as OHCI.
      • As another poster alluded to, USB 2.0 != high speed.
        USB 2.0 is a new protocol standard, it happens to have two version (IIRC), standard and fast. You CAN impliment USB 2.0 and only support the older/slower transfer speed.

        For whatever reason, Apple has decided to not use (perhaps not license) the "USB 2.0 (HighSpeed)" logo.
  • by McAddress ( 673660 ) on Monday September 22, 2003 @05:58PM (#7029072)
    I have been waiting to get infected with the blaster worm for several weeks now. Will this uodate open a security hole to allow that to happen?
  • by iradik ( 247593 ) <ossix.ossix@net> on Monday September 22, 2003 @05:59PM (#7029075) Homepage
    [MacLab:~] admin% softwareupdate
    Software Update Tool
    Copyright 2002 Apple Computer, Inc.

    Software Update found the following new or updated software:

    - MacOSXUpdate10.2-10.2.8
    Mac OS X Update (10.2.8), 41552K - restart required
    - iPod201-2.0.1
    iPod Software (2.0.1), 16000K
    - iPod130-1.3
    iPod Software (1.3), 5830K

    To install an update, run this tool with the item name as an argument.
    e.g. 'softwareupdate <item> ...'
  • uptime (Score:4, Funny)

    by edalytical ( 671270 ) on Monday September 22, 2003 @06:02PM (#7029099)
    Given how frequently Apple updates OS X, I'm never going to have an impressive uptime. The last update was what about 2 weeks ago?
    • Re:uptime (Score:4, Informative)

      by CptChipJew ( 301983 ) * <michaelmiller AT gmail DOT com> on Monday September 22, 2003 @06:14PM (#7029180) Journal
      The MacOS 10.2.6 update is a lot older than 2 weeks.

      However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".
      • Re:uptime (Score:5, Informative)

        by kwerle ( 39371 ) <kurt@CircleW.org> on Monday September 22, 2003 @10:46PM (#7030956) Homepage Journal
        However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".

        I suppose they could try to kill the old sshd and restart it - but that's more trouble than it's worth.

        As for uptime complaints because of update...

        NEWSFLASH: If you don't wanna lose the uptime, don't update.

        Or do it by hand and don't restart. Or just get a grip and realize that it don't matter.

        I didn't restart for the Java patch...
  • by Froomb ( 100183 ) on Monday September 22, 2003 @06:29PM (#7029262)
    Otherwise no problems with 10.2.8 so far, but must say I miss my invisible dock background.
  • XBench (Score:5, Informative)

    by Nexum ( 516661 ) on Monday September 22, 2003 @06:34PM (#7029299)
    FWIW, my XBench results under 10.2.6 were 69.99. Under 10.2.8 I have 76.3.

    A nice little improvement even if it is a synthetic benchmark it's nice to see Apple striving for optimisation. Hopefully this mindset will be seen in Panther to a much greater degree seeing as being a full .x update the changes to the underlying OS have much greater license.

    -Nex
  • by qengho ( 54305 ) on Monday September 22, 2003 @06:35PM (#7029307)
    A couple of people have reported to XLR8 Your Mac [xlr8yourmac.com] that their M-Audio Revolution 7.1 cards no longer work after the update. One mentions that M-Audio knows about it and is working on a fix.
  • Odd monitor gotcha (Score:5, Informative)

    by thatguywhoiam ( 524290 ) on Monday September 22, 2003 @06:42PM (#7029359)
    Installed 10.2.8 on a 12" PowerBook (aka 'the footlong'), no discernable problems so far.

    An odd thing was that it reset my monitor settings back to 16bit colour ('Thousands'), so you may want to watch out for that. Aqua does such a good job of dithering you probably wouldn't even notice at first.

    Another odd thing was that my display went a little funky when doing the cross-fading desktop pictures just a second ago. Fixed itself after the transition was complete, no idea what that's about.

    If you're superstitious like me don't forget to do the Repair Permissions trick - its the new Rebuild Desktop - although I had no issues there either.

    One last thing, be prepared to have your frickin Keychain pestering you for the next week....

    • by thatguywhoiam ( 524290 ) on Monday September 22, 2003 @06:50PM (#7029420)
      Just replying to my own post with more info...

      The cross-fading desktops feature has a new bug (on a 12" PB anyway) where the secondary monitor - in my case a Sony 17" CRT - screws up the transition effect.

      The PowerBook is running at 1024x768/32bit on its main display, and 1280x1024/32bit on the secondary (NOT mirroring).

      During the crossfade the first picture suddenly appears to squish to have the horizontal resolution, pushed to the left, and the palette gets munged (purple). It snaps back to normal after the fade but it ain't pretty.

    • One (relatively minor) annoyance about Apple updates is they each seem to choose a different system setting to reset. When I installed 10.2.8 on my Dual G4 867 Mirror Door it reset all my screen resolution and position settings. An update on my laptop reset my UI settings. What happened to the Mac attention to detail? All lost in the Unix weenies trying to get the quoting right so they don't erase you hard disk, I imagine.

    • Did similar on my beige G3. Reset my monitor arrangement, resolution, bit depth and "main monitor" settings.

      I frequently run with my secondary monitor turned off, and I was confused when my login screen didn't appear. I force rebooted twice then I finally turned on the second monitor to see the LS there.

      My secondary monitor is on the built-in video port and my primary is on a PCI Radeon 7000.
    • Also have a 12" PB, and on reading your post checked the Display settings and found my display set to Thousands of colors too.

      I am embarassed to think that I didnt notice for a full day!

      So a note to PowerBook users - Check your display settings

      -Nex
  • by Rosyna ( 80334 ) on Monday September 22, 2003 @07:06PM (#7029534) Homepage
    APPLE-SA-2003-09-22 Mac OS X 10.2.8

    Mac OS X 10.2.8 is now available. It contains fixes for recent
    vulnerabilities in:

    OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
    CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
    versions prior to 10.2.8, the vulnerability is limited to a denial
    of service from the possibility of causing sshd to crash. Each
    login session has its own sshd, so established connections are
    preserved up to the point where system resources are exhausted by
    an attack.

    To deliver the update in a rapid and reliable manner, only the
    patches for CVE IDs listed above were applied, and not the entire
    set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
    Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
    OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
    0x0090609f

    Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
    buffer overflow in address parsing, as well as a potential buffer
    overflow in ruleset parsing.

    fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
    the fb_realpath() function that may allow attackers to execute
    arbitrary code.

    arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
    ARP requests for routes on a local link. On a local subnet only,
    it is possible for an attacker to send a sufficient number of
    spoofed ARP requests which will exhaust kernel memory, leading to
    a denial of service.
  • by Irevia ( 709321 ) on Monday September 22, 2003 @07:20PM (#7029625)
    If you're not satisfied that it's taken about a week to patch sendmail and OpenSSH, send them feedback [apple.com]. This is what I sent them (although I don't suggest you say exactly the same!):

    I just wanted to make feedback regarding the fact that it's taken a whole week between reports of the OpenSSH and sendmail vulnerabilities and Apple releasing a patch.

    As a long-time Unix user just entering the world of OS X (and mostly enjoying it very much), I wanted to note that the FreeBSD project released patches within 24 hours of initial reports, as did many Linux vendors, and that I would expect faster response time from Apple in the future. Delays have a negative effect on the PR image of Apple as well as being a pain for admins and end users!

    Thanks for taking the time to read this.

    • Complaining about ONE WEEK turnaround. Geeze, don't ever try to get cable TV installed... (grin)
    • I think a week is reasonable if they used the time to do lots of testing. I hate patches that don't work correctly. Ref: what everybody seems to complain about Microsoft patches... they're afraid of them making things worse and breaking stuff.

      A reasonable amount of QA testing goes a long way towards good reliability in my book.

    • Double Checking. (Score:3, Insightful)

      by jellomizer ( 103300 )
      One Week isn't that bad of an update time. I am sure that after they make the change they will check it out to make sure it works on all the platform that OS X runs on. As well configure it to work with OS X settings, Put the files in a way so it can be sent for an update. OpenSSH people have developed their product for BSD and Linux so checking the update takes less time. of OS X Apple probably needs to tweak it a little. And check to make sure it works. Plus I think it was an issue that they had an up

  • Here's the list of official changes to security in 10.2.8 (read it for yourself at security-announce@apple.com [apple.com]):

    APPLE-SA-2003-09-22 Mac OS X 10.2.8

    Mac OS X 10.2.8 is now available. It contains fixes for recent vulnerabilities in:

    OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login
  • strings /usr/sbin/sendmail | grep "parseaddr.c,"
    @(#)$Id: parseaddr.c,v 1.4 2003/09/16 20:56:56 rbraun Exp $

    Joy.

  • A good question. (Score:5, Interesting)

    by teamhasnoi ( 554944 ) * <teamhasnoi@@@yahoo...com> on Monday September 22, 2003 @08:26PM (#7030067) Journal
    Here we are (happily) updating our Macs, looking forward to things being fixed, updated and working better, not to mention new features and faster performance.

    Has anyone out there *ever* updated Windows and expected it to *speed up* your computer?

    I look at Windows update with dread - not knowing what evil new EULA, spyware, bugs and exploits await every trip.

    Software Update is something that Apple got *so* right. People *want* to run it. Hell, I check twice a day! Do most Windows users even KNOW about Windows Update??

    Another reason I just gave Apple my money.

    • Hey buddy, don't drink all of the kool-aid! There's more of us here that you should share it with! ;-)

      Seriously, though, Software Update on OS X is loads better than it was on OS9. It was a pig back then - laggy, freezy, crashy. Windows Update in those days was lots better, sad to say.
    • Well.. The only update I have ever done to speed up any of my PCs was to reinstall. However, reinstalling Windows 2000 or newer requires so many reboots to get up-to-date patches it isn't even funny. And, of course, once the OS is installed and configured and the applications running on it, it slows back down to a crawl. I have an IBM thinkpad T30. 2Ghz, 1GB mem, 60GB hd... and when doing anything, it will pause to thrash on the HD. Really sucks when you are doing development work.. I must say, since
  • How can I upgrade without updating iTunes?
    I don't want to lose sharing capabilities
    to upgrade the OS.
    • Drag it out of Applications, if you still don't feel comfortable with that put a copy in an encrypted dmg. When the update is done, just drag it back into place, or another place, I have heard that they can coexist.

      Disclaimer: Not tested, Your mileage may vary.
    • Have you considered just stuffing and archiving your old iTunes, then if it gets replaced without your consent restoring the archive?

      It's a Mac, y'know.

      The limits on iTunes sharing aren't really all that bad, though. You can still have up to 5 LAN users connected to your library.

      If that's not enough, perhaps you should look at the SliMP3 server software. It's meant for controlling the (awesome) SliMP3 [slimp3.com] device, but can also stream whatever you like to whatever address you like via a web-based interface.
    • Keep a copy of the old iTunes app locked away on a disk immage, update and replace.
  • The Belkin USB 2.0 PCI card I put in my Dual-867 PowerMac G4 now works at USB 2.0 speed. I can actually transfer files to my Maxtor external hard drive in a reasonable amount of time. Too bad I already bought a Firewire drive to use instead.

    Apple pioneered the use of USB and Firewire. It's a shame to see they dropped the ball on USB 2 until now.
  • ETHERNET PROBLEM (Score:5, Informative)

    by gidds ( 56397 ) <slashdot&gidds,me,uk> on Monday September 22, 2003 @09:34PM (#7030527) Homepage
    10.2.8 includes a new version of the internal Ethernet driver; many folks have found it stops their Ethernet from working!

    Discussed further here [apple.com]. Respect to Andrew McPherson for coming up with a workaround: make a backup of /System/Library/Extensions/AppleGMACEthernet.kext before upgrading, and restore it afterwards. If you've already upgraded, follow the link for more info.

  • by reiggin ( 646111 ) on Monday September 22, 2003 @09:35PM (#7030538)
    Very small fonts in Safari render MUCH better now. They are actually legible. Must be an improvement to the Webcore. I can now read the positions on my Yahoo! Fantasy Football roster!
  • I was reading on MacFixit's report [macfixit.com] that some users had trouble with the M-Audio Revolution [m-audio.com] PCI sound card.

    What I was wondering, is if anyone here had tried this update with the M-Audio Sonica [m-audio.com] USB device.

    In addition to the overall functionality of this device, does anyone know if the Apple's DVD player in this OS version now supports 5.1 digital audio out? I've been lead to believe it does with PCI card Audio (such as the Revolution above), but it doesn't seem to for USB digital Audio out.

  • Maybe I can ask a Unix neophyte question without getting flamed (this is Slashdot, of course)

    When I first got my PowerBook G4 (17"), it was really fast. Over the months it seemed to get noticeably slower. I always run the CPU monitor in the Dock, and I found that it was becoming more common to see the "Niced" processes appear on the graph, particularly after a reboot, when everything is getting set up.

    As usual, after a system update (like with 10.2.8), it would seem that things would get faster, and I'm n
  • the REAL question is ... is it snappier?

    sorry, i couldn't help it.
  • Seperate updates? (Score:4, Insightful)

    by beattie ( 594287 ) on Tuesday September 23, 2003 @12:10PM (#7035137)
    Why does everything have to be installed as a system upgrade? There should be seperate updates for SSH, Sendmail, System, ... and then you can choose what to install. This makes it easier for people with 10.1 also. As they can just install the SSH and/or Sendmail without needing 10.2 for the System update. Seems pretty basic to me.

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner

Working...