Mac OS X 10.2.8 Available 280
Transfan76 writes "The 10.2.8 Update delivers enhanced functionality and improved reliability for the following applications, services and technologies: Audio, Bluetooth, Classic compatibility, Finder, Graphics, LDAP, Power Management, Safari, and FireWire and USB device compatibility. The update also provides updated security services and includes the latest Security Updates." Does this have the update to ssh?
Yes. (Score:5, Informative)
Re:Yes on SSH (Score:5, Funny)
Congratulations! You win 4 points of karma!
The other players each lose a point each for being redundant. But they do get a copy of the home game!
Re:Yes. (Score:2, Informative)
They're behind by one. See CAN-2003-0695 [mitre.org].
You're behind by two (Score:3, Informative)
Mac OS X 10.2.8
OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1
sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.
arplookup(): Fix
Re:Yes. (Score:2, Insightful)
I really must say that Apple putting a security patch and a feature update together in the same download is really horrible. We have been justifiable criticizing MS for doing the same things, and they finally got the message.
With the Software Update interface in OS X such combinations are unnecessary. All updates are automatically checked, so there is no extr
Re:Yes. (Score:2)
That's what a lot of us did.
Same as G5s (Score:5, Informative)
Not for G5 per Apple (Score:4, Informative)
TOPIC [apple.com]
This software updates Mac OS X 10.2.6 or 10.2.7 to version 10.2.8.
Important: This update works only with Power Mac G3- and G4-based desktop and portable computers, including iMac, eMac, and iBook. This update does not work with Power Mac G5 computers.
Re:Not for G5 per Apple (Score:2)
Re:Not for G5 per Apple (Score:2)
The question now is when is 10.2.8 coming to the G5 to fix the SSH issue?
Re:Not for G5 per Apple (Score:2)
I agree
Re:Not for G5 per Apple (Score:2, Informative)
The G5 one is "10.2.7 (G5)" and the one for the new PowerBooks is simply "10.2.7".
Updated SSH (Score:2, Informative)
Soooo, I'd have to guess that, yes, it is fixed.
Re:Updated SSH (Score:4, Interesting)
Powerbook G4 1ghz [amazon.com]
The SSH version (Score:2, Informative)
The version string changes to:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
From:
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
So it's still 3.4, but it looks like they added some patch.
Re:The SSH version (Score:5, Informative)
Yep, according to this technote [apple.com] it's *the* update to ssh:
Combined Update and More Info (Score:2)
YAY Update :) (Score:4, Insightful)
And how many thought the same when the latest Windows Bloat Patch ^W^WUpdate came along? not many? thought as much
oh the joys of being a proud owner or a 12" PB.....
hmm maybe I need to update my
Re:YAY Update :) (Score:5, Insightful)
I dunno -- some of us who remember the iTunes updater fiasco like to wait a day or two before applying patches and updates. If there's a disaster out there, let it be someone else who stumbles across it. Same for Linux kernels, new versions in emerge (do I really need a new point release of awk this minute) and anything else.
I mean, I get your point but Mac users do get burned too, and I'd rather it's you than me.
Re:YAY Update :) (Score:4, Interesting)
Re:YAY Update :) (Score:3, Funny)
That's not a bug, it's a DRM thing.
Re:YAY Update :) (Score:2)
Since you are able to have your machine magically from from one update to another, please tell me this: Why is it that svchost.exe crashes within 45 minutes of loggin in now, even if I do NOTH
Re:Updates that work (Score:2)
Re:YAY Update :) (Score:2)
Mac at home, PC at work...you're right (Score:2)
And here I am back at wor
from tech article... (Score:2)
The Bluetooth menu bar item works better when a Bluetooth USB adapter is disconnected and reconnected.
Addresses a situation in which an external FireWire storage device would not become available (mount) and this message would appear: "A disk attempting to mount as 'unknown' has failed. Please use Disk Utility to check the disk."
Addresses an issue in which some Bluetooth devices may not be available after the computer wakes
Re:from tech article... (Score:5, Interesting)
Re:Enables USB 2.0 (Score:2)
Re:from tech article... (Score:3, Informative)
USB 2.0 is a new protocol standard, it happens to have two version (IIRC), standard and fast. You CAN impliment USB 2.0 and only support the older/slower transfer speed.
For whatever reason, Apple has decided to not use (perhaps not license) the "USB 2.0 (HighSpeed)" logo.
Re:from tech article... (Score:2)
But apparently not the FAQ [slashdot.org].
where's blaster? (Score:5, Funny)
It's coming. Just hold your horses... (Score:2)
command line software update (Score:4, Informative)
uptime (Score:4, Funny)
Re:uptime (Score:4, Informative)
However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".
Re:uptime (Score:5, Informative)
I suppose they could try to kill the old sshd and restart it - but that's more trouble than it's worth.
As for uptime complaints because of update...
NEWSFLASH: If you don't wanna lose the uptime, don't update.
Or do it by hand and don't restart. Or just get a grip and realize that it don't matter.
I didn't restart for the Java patch...
Re:uptime (Score:5, Informative)
Re:uptime (Score:5, Informative)
upgrades have involved reboots in the past because, to improve performace, Apple has implemented part of iTunes as kernel extensions, and any tampering with the kernel requires a fresh boot to ensure stability. Other updates may have been done out of ignorance or habit, but in the case of the iApps, the reboots have generally been unavoidable.
That said, did the 10.2.8 update involve any kernel changes? It's been long enough that there could be a point release to the kernel itself by now, not to mention any other updated kernel extensions. I haven't yet had a chance to inspect the bill of materials (hint: lsbom /Library/Receipts/fooApp.pkg to learn what was updated in a given package), but if anything in there touched the kernel, then a reboot really does has to happen.
Re:uptime (Score:3, Insightful)
You CAN do kernel changes to some degree and not restart the machine, look at SUN and Soalris.
Re:uptime (Score:4, Informative)
Re:uptime (Score:2)
Transparent dock now gone (Score:4, Interesting)
Re:Transparent dock now gone (Score:2)
Re:Transparent dock now gone (Score:2)
Re:Transparent dock now gone (Score:2)
Re:Transparent dock now gone (Score:2)
XBench (Score:5, Informative)
A nice little improvement even if it is a synthetic benchmark it's nice to see Apple striving for optimisation. Hopefully this mindset will be seen in Panther to a much greater degree seeing as being a full
-Nex
Breaks M-Audio Revolution 7.1 (Score:4, Informative)
Re:Breaks M-Audio Revolution 7.1 (Score:2)
Odd monitor gotcha (Score:5, Informative)
An odd thing was that it reset my monitor settings back to 16bit colour ('Thousands'), so you may want to watch out for that. Aqua does such a good job of dithering you probably wouldn't even notice at first.
Another odd thing was that my display went a little funky when doing the cross-fading desktop pictures just a second ago. Fixed itself after the transition was complete, no idea what that's about.
If you're superstitious like me don't forget to do the Repair Permissions trick - its the new Rebuild Desktop - although I had no issues there either.
One last thing, be prepared to have your frickin Keychain pestering you for the next week....
more on x-fading pics (Score:5, Informative)
The cross-fading desktops feature has a new bug (on a 12" PB anyway) where the secondary monitor - in my case a Sony 17" CRT - screws up the transition effect.
The PowerBook is running at 1024x768/32bit on its main display, and 1280x1024/32bit on the secondary (NOT mirroring).
During the crossfade the first picture suddenly appears to squish to have the horizontal resolution, pushed to the left, and the palette gets munged (purple). It snaps back to normal after the fade but it ain't pretty.
Re:Odd monitor gotcha (Score:2)
Re:Odd monitor gotcha (Score:2)
I frequently run with my secondary monitor turned off, and I was confused when my login screen didn't appear. I force rebooted twice then I finally turned on the second monitor to see the LS there.
My secondary monitor is on the built-in video port and my primary is on a PCI Radeon 7000.
Re:Odd monitor gotcha (Score:2)
I am embarassed to think that I didnt notice for a full day!
So a note to PowerBook users - Check your display settings
-Nex
All Recent Security Updates (Score:5, Informative)
Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.
To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.
tell apple you're not satisfied with patch time (Score:4, Interesting)
Re:tell apple you're not satisfied with patch time (Score:3, Funny)
Re:tell apple you're not satisfied with patch time (Score:2, Insightful)
A reasonable amount of QA testing goes a long way towards good reliability in my book.
Double Checking. (Score:3, Insightful)
Apple Security Mailing List (Score:2, Redundant)
Here's the list of official changes to security in 10.2.8 (read it for yourself at security-announce@apple.com [apple.com]):
APPLE-SA-2003-09-22 Mac OS X 10.2.8
Mac OS X 10.2.8 is now available. It contains fixes for recent vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login
sendmail was patched as well (Score:2)
@(#)$Id: parseaddr.c,v 1.4 2003/09/16 20:56:56 rbraun Exp $
Joy.
A good question. (Score:5, Interesting)
Has anyone out there *ever* updated Windows and expected it to *speed up* your computer?
I look at Windows update with dread - not knowing what evil new EULA, spyware, bugs and exploits await every trip.
Software Update is something that Apple got *so* right. People *want* to run it. Hell, I check twice a day! Do most Windows users even KNOW about Windows Update??
Another reason I just gave Apple my money.
Re:A good question. (Score:2)
Seriously, though, Software Update on OS X is loads better than it was on OS9. It was a pig back then - laggy, freezy, crashy. Windows Update in those days was lots better, sad to say.
Re:A good question. (Score:2, Funny)
Perhaps of more interest than ssh... (Score:2)
I don't want to lose sharing capabilities
to upgrade the OS.
Re:Perhaps of more interest than ssh... (Score:2)
Disclaimer: Not tested, Your mileage may vary.
Re:Perhaps of more interest than ssh... (Score:2)
It's a Mac, y'know.
The limits on iTunes sharing aren't really all that bad, though. You can still have up to 5 LAN users connected to your library.
If that's not enough, perhaps you should look at the SliMP3 server software. It's meant for controlling the (awesome) SliMP3 [slimp3.com] device, but can also stream whatever you like to whatever address you like via a web-based interface.
Re:Perhaps of more interest than ssh... (Score:2)
Re:Not just sharing... (Score:2)
USB 2.0 Finally Works (Score:2, Informative)
Apple pioneered the use of USB and Firewire. It's a shame to see they dropped the ball on USB 2 until now.
ETHERNET PROBLEM (Score:5, Informative)
Discussed further here [apple.com]. Respect to Andrew McPherson for coming up with a workaround: make a backup of /System/Library/Extensions/AppleGMACEthernet.kext before upgrading, and restore it afterwards. If you've already upgraded, follow the link for more info.
Re: ETHERNET PROBLEM (Score:2)
Re: ETHERNET PROBLEM (Score:3, Informative)
Small Fonts in Safari (Score:5, Informative)
M-Audio problems? (Score:2)
What I was wondering, is if anyone here had tried this update with the M-Audio Sonica [m-audio.com] USB device.
In addition to the overall functionality of this device, does anyone know if the Apple's DVD player in this OS version now supports 5.1 digital audio out? I've been lead to believe it does with PCI card Audio (such as the Revolution above), but it doesn't seem to for USB digital Audio out.
This took me forever to find, for some reason. (Score:2, Informative)
Question: Not nice (Score:2)
When I first got my PowerBook G4 (17"), it was really fast. Over the months it seemed to get noticeably slower. I always run the CPU monitor in the Dock, and I found that it was becoming more common to see the "Niced" processes appear on the graph, particularly after a reboot, when everything is getting set up.
As usual, after a system update (like with 10.2.8), it would seem that things would get faster, and I'm n
Re:Question: Not nice (Score:2)
Sure, SSH was fixed, but the REAL question... (Score:2)
sorry, i couldn't help it.
Seperate updates? (Score:4, Insightful)
Re:I HATE MAC'S (Score:3)
On a TiBook:
You remove eight screws, a piece of metal, and it should click in easily. Albeit it is even easier in an iBook, where you don't even have to deal with screws.
Re:I HATE MAC'S (Score:2)
Except the little plastic screw between F5 and F6 that fixes the keyboard (some people have it constantly unfixed; oddly enough, the same people complain about keyboard scratches on the screen). But still, it's a task as sophisticated as opening a beer can.
Re:I HATE MAC'S (Score:3, Funny)
Computer guy eh? Let me ask you a question....
I was writing a paper, on my PC when it went beepbeepbeepbeepbeepbeepbeep, and like half of my paper was gone!
What do you think the problem is?
Re:I HATE MAC'S (Score:4, Funny)
I called Apple and they said that that wasn't covered under Applecare! I have a paper due, and have 16.5 million colors to put back! Your problems don't amount to a hill of beans, Mister!
Re:I HATE MAC'S (Score:3, Informative)
But Apple has made these cards default in the newer
Re:I HATE MAC'S (Score:4, Informative)
Oh, by the way, the "easily accessed" slot is on the side, just where it is on a PC, and accepts standard wireless cards. The Airport card is for people who don't want to be bothered unplugging their wireless card every time they want to to put something else in that slot.
Re:Where is 10.1.6?? (Score:2)
Re:Where is 10.1.6?? (Score:5, Insightful)
That misses the point entirely.
I recommended purchase of a Mac in our office recently, due to the fact it could handle both the graphic design and web/mail serving requirements. My boss knows about Jaguar, but his opinion is that he shouldn't have to upgrade only a year after purchasing the Mac - he has a point, surely?
Re:Where is 10.1.6?? (Score:2)
1) This is not a "critical update" by any stretch of the imagination. It makes a DoS attack easy, it is not a root exploit.
2) People who are running the default installation of sshd and who are dependent on the default installation sshd are primarily going to be home users, who are in the lowest risk category for being attacked by a DoS.
In short: If you are using OpenSSH seriously in a business or school environment, you should either are running your own copy (from OpenS
Re:Where is 10.1.6?? (Score:3, Insightful)
Re:Where is 10.1.6?? (Score:2)
Re:Where is 10.1.6?? (Score:2)
Re:Hey, what happened to 10.2.7? (Score:2, Informative)
Apple says (http://docs.info.apple.com/article.html?artnum=8
Don't use the 10.2.7 CDsthat come with the G5 macs on normal macs, it's g5 only.
Re:Hey, what happened to 10.2.7? (Score:2, Funny)
Re:Hey, what happened to 10.2.7? (Score:2)
This person very well could have used the install CDs that came with a G5.
Re:Hey, what happened to 10.2.7? (Score:2)
Re:AHHHH (Score:3, Interesting)
Re:Security (Score:2)
Re:A standalone installer? (Score:2)
For those who have problems with the update, running the combo updater frequently fixes them.
And, don't forget to repair permissions with Disk Utility after installing this update!
Re:A 40 MB Security Update?? (Score:2)
I know, i know, don't feed the trolls....