Security Update 2004-09-07
sizemoresr writes "Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all users of Mac OS X 10.2.8 and later. This update includes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari and tcpdump."
Post Install Experiences Here... (Score:4, Funny)
;^)
Re:Post Install Experiences Here... (Score:2)
Re:Post Install Experiences Here... (Score:5, Informative)
Installed.
Optimized...............
Restarted.
Checked email.
Posted comment.
(dual 1.8 G5)
Re:Post Install Experiences Here... (Score:5, Funny)
So, seems to be working okay - haven't noticed any other differences, and it's just as stable as it was before. Kind of disappointing, really...
Re:Post Install Experiences Here... (Score:5, Funny)
Re:Post Install Experiences Here... (Score:4, Funny)
Re:Post Install Experiences Here... (Score:2, Funny)
Been playing Doom 3 much lately, have we? ;)
(Yes, I know it's not out for OS X yet; some of us have Apple laptops and PC desktops.)
Re:Post Install Experiences Here... (Score:5, Funny)
Re:Post Install Experiences Here... (Score:2)
Re:Post Install Experiences Here... (Score:4, Funny)
Attention Windows-Lovin' Flamers and Trolls:
This is a joke. Maybe not a super funny joke, but a joke. So, don't get your shorts in a twist over it. Take a deep breath...Hold it...Keep holding it....Aaaaaand release.
Re:Post Install Experiences Here... (Score:2)
*PAAARRRP!!!*
Ooops!
Re:Post Install Experiences Here... (Score:1)
yo! (Score:2)
Re:Post Install Experiences Here... (Score:2)
Re:Post Install Experiences Here... (Score:2)
Doom4 is available already?
and for the mac?
Re:Post Install Experiences Here... (Score:1, Redundant)
Apple's forced upgrade plans (Score:5, Funny)
The update IS for 10.2 and 10.3 users? Oh. Good then. I don't really feel like deleting the other stuff I wrote. Good to get it out of the way anyway, I guess.
Thanks Apple!
Re:Apple's forced upgrade plans (Score:4, Funny)
Please read comments before moderating them.
Thanks,
Someone with a sense of humor
Re:Apple's forced upgrade plans (Score:1)
Re:Apple's forced upgrade plans (Score:5, Funny)
I can't believe that Apple has 10.2 users. Nice to see that they are expanding the user base.
Re:Apple's forced upgrade plans (Score:2)
Re:AH. Refreshing. (Score:5, Insightful)
Re:AH. Refreshing. (Score:2)
Perhaps, if a little pretentious.
However it seems that 'insightful' is something that can be obtained by simply reciting some platitudes utterly lacking in insight that pander to the mods' prejudices.
I really can't see that your post added anything very much at all to the discussion.
It's 3 o Clock and all's well (Score:5, Funny)
Worth noting this time... (Score:5, Informative)
From Apple's Security Announce list:
Given the relatively recent release of the Mac OS X v10.3.5 Software
Update, this security update is available for both Mac OS X v10.3.4
and Mac OS X v10.3.5. Customers who are still evaluating Mac OS X
v10.3.5 for large-scale deployment can apply the security update for
Mac OS X v10.3.4 to increase the security of their systems during the
evaluation period. After updating to Mac OS X v10.3.5, Security
Update 2004-09-07 should be installed onto Mac OS X v10.3.5 even if it
was previously installed on a Mac OS X v10.3.4 system.
From memory some of the other security updates could be put on before the release they came with, but I wouldn't trust just my memory as far as I could throw it. Anyway, it's specifically noted this time.
Re:Worth noting this time... (Score:5, Interesting)
So Apple have released a security update for both 10.3.4 and 10.3.5 which might imply (either/or):
Re:Worth noting this time... (Score:2)
Open mailbox.
The mailbox is open.
Examine mailbox.
You see a letter inside the mailbox
Read letter.
Congratulations! You installed the security fix and nothing broke!
Shrug shoulders. Get on to other computer related stuff.
Safari bug still there (Score:5, Informative)
Thought you logged out of your super secret intranet page - no you didn't...
Re:Safari bug still there (Score:2, Interesting)
Re:Safari bug still there (Score:1)
Re:Safari bug still there (Score:3, Insightful)
Re:Safari bug still there (Score:5, Informative)
Should be out in a few weeks I think.
Re:Safari bug still there (Score:2)
Surely your server isn't as security unconscious as to trust the client to know whether or not it is still logged in. The server should be tracking that itself.
Re:Safari bug still there (Score:2)
If the developers of your "super secret intranet" are using persistent cookies to track logins they should be shot. Merely quitting your browser application (not closing a window and leaving Safari running) should be sufficient to terminate a logged in session.
Re:Safari bug still there (Score:2)
Webpages not rendering correctly (Score:2, Informative)
You may just want to wait a bit
Keep on Folding! Team MaC OS X rocks! Join Us!
Re:Webpages not rendering correctly (Score:3, Informative)
Mason-powered site showcase: Utah Homes Now.com [utahhomesnow.com]
That was my sig.
Re:Webpages not rendering correctly (Score:3, Informative)
--MW
Re:Webpages not rendering correctly (Score:2)
That was my sig.
That's not much of a showcase [utahhomesnow.com], bro.
Re:Webpages not rendering correctly (Score:5, Informative)
OpenCube's Visual QuickMenu (Score:1, Informative)
Other sites that aren't rendering correctly:
http://www.subaru.com/ [subaru.com]
http://www.memcorpinc.com/ [memcorpinc.com]
Re:OpenCube's Visual QuickMenu (Score:2)
A subsequent reissue of the Security Update [apple.com] fixes this (and the FTP daemon problem). (That page refers to the 10.3.4 client version of OS X, but it later says "Security Update 2004-09-07 v1.1 is available for Mac OS X v10.2.8, Mac OS X v10.3.4, Mac OS X v10.3.5, Mac OS X Server v10.2.8, Mac OS X Server v10.3.4, and Mac OS X Server v10.3.5".)
Re:Webpages not rendering correctly (Score:2, Interesting)
rsync? (Score:5, Interesting)
On 10.2?
Yay! I've been trying to get BackupPC [sf.net] to backup our XServe with no luck at all to this point. Finally! I had tried compiling from sources and from Fink and both failed miserably. Something about an OS-specific bug. w00t!
Re:rsync? (Score:5, Informative)
I use the rsync available here [macosxlabs.org] because it includes support for HFS+ volumes, meaning it will preserve resource forks. It installs to /usr/local/bin so it doesn't overwrite the existing rsync at /usr/bin. You need to have it installed on all OS X machines that you are syncing between.
To rsync data that includes files with resource forks from a remote server to a local server via ssh, use something like this:
<user>@<remoteserver>:<path> <localpath>
The --eahfs switch is what tells it to preserve resource forks.
killed incoming ftp (Score:5, Informative)
There are a few reports about it on Apple's discussions [apple.com] site.
The workaround suggested in the above link is to revert to the original ftpd supplied with Panther/Jaguar using the OS X install discs and a tool like Pacifist - though I'm trying to look at the glass as half-full and use this as the kick in the pants I need to start using sftp instead..
Re:killed incoming ftp (Score:5, Informative)
Re:killed incoming ftp (Score:5, Informative)
Looks like ftpd was compiled with /usr/etc as its configuration directory, rather than /etc. If you create /usr/etc and copy /etc/ftpusers to /usr/etc/ftpusers, it seems to work.
Re:killed incoming ftp (Score:3, Informative)
Then, you just get a symbolic link (alias) to the path at the other location, and it will pick up any future updates that come your way.
Re:killed incoming ftp (Score:4, Informative)
(Actually, I'm using my patched ftpd, so I don't need /usr/etc in any case).
Re:killed incoming ftp (Score:5, Informative)
cd /usr/libexec && cp -p ftpd ftpd.orig && printf '/etc\0' | dd of=ftpd bs=1 seek=100252 conv=notrunc
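A guarded form of the one-line patch in the comment above, as an added example that is not part of the original thread: it reads the bytes at the offset before overwriting them, because an offset such as 100252 only holds for one specific build of ftpd. It assumes the compiled-in string is exactly `/usr/etc` followed by a NUL; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: guarded form of the dd patch quoted in the thread.
# Assumption: the compiled-in string is exactly "/usr/etc" plus a NUL.

# peek FILE OFFSET COUNT: print COUNT bytes at OFFSET, NUL shown as '@'
peek() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | tr '\000' '@'
}

# patch_confdir FILE OFFSET
# 0 = patched, 2 = unexpected bytes (file untouched), 3 = already patched
patch_confdir() {
    pc_file=$1
    pc_off=$2
    case $(peek "$pc_file" "$pc_off" 9) in
        /usr/etc@) ;;              # expected unpatched string
        /etc@etc@) return 3 ;;     # an earlier run already rewrote it
        *) return 2 ;;             # different build or offset: do nothing
    esac
    cp -p "$pc_file" "$pc_file.orig" || return 1
    printf '/etc\000' |
        dd of="$pc_file" bs=1 seek="$pc_off" conv=notrunc 2>/dev/null || return 1
    # Re-read the bytes to confirm the write landed where expected.
    [ "$(peek "$pc_file" "$pc_off" 9)" = "/etc@etc@" ]
}

# make_sample FILE: constructed stand-in for the daemon binary, with the
# string at offset 16 (the offset quoted in the thread is build-specific).
make_sample() {
    printf 'XXXXXXXXXXXXXXXX/usr/etc\000/ftpusers\000' > "$1"
}

# show FILE OFFSET LABEL: run the patch and print its return code
show() {
    rc=0
    patch_confdir "$1" "$2" || rc=$?
    echo "$3: $rc"
}

# Demo on the constructed file only; never touches /usr/libexec.
d_tmp=$(mktemp) && {
    make_sample "$d_tmp"
    show "$d_tmp" 4  "wrong offset"
    show "$d_tmp" 16 "correct offset"
    show "$d_tmp" 16 "second run"
    rm -f "$d_tmp" "$d_tmp.orig"
}
```

A return code of 2 means the bytes at that offset were not the expected string, so nothing was written and no backup was made.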
Re:killed incoming ftp (Score:2)
Re:killed incoming ftp (Score:2)
A subsequent reissue of the Security Update [apple.com] fixes this (and the Safari problem with sites using OpenCube's menu stuff). (That page refers to the 10.3.4 client version of OS X, but it later says "Security Update 2004-09-07 v1.1 is available for Mac OS X v10.2.8, Mac OS X v10.3.4, Mac OS X v10.3.5, Mac OS X Server v10.2.8, Mac OS X Server v10.3.4, and Mac OS X Server v10.3.5".)
Does IPSecuritas still work? (Score:2)
Not recommended for G4 users, G5 seems ok... (Score:4, Informative)
http://www.fedex.com/ [fedex.com]
http://www.compusa.com/ [compusa.com]
http://www.bestbuy.com/ [bestbuy.com]
I'm sure there are many others. G5 systems do not appear to be affected. G4s are.
As noted on http://docs.info.apple.com/article.html?artnum=61
Component: Safari
CVE-ID: CAN-2004-0361
Available for: Mac OS X 10.2.8, Mac OS X Server 10.2.8
Impact: A JavaScript array of negative size can cause Safari to access out of bounds memory resulting in an application crash.
Description: Storing objects into a JavaScript array allocated with negative size can overwrite memory. Safari now stops processing JavaScript programs if an array allocation fails.
This security enhancement was previously made available in Safari 1.0.3, and is being applied inside the Mac OS X 10.2.8 operating system as an extra layer of protection for customers who have not installed that version of Safari. This is a specific fix for Mac OS X 10.2.8 and the issue does not exist in Mac OS X 10.3 or later systems.
----
This particular fix is specific to 10.2.8 and NOT 10.3 or later, yet appears it may install with the 10.3.x update. This could well be the cause of the problems. This is further supported by the fact that all of the known sites that fail to render properly use JavaScript 1.2 extensively.
Word is the Safari team is aware of the problem and working on it.
Re:Not recommended for G4 users, G5 seems ok... (Score:5, Informative)
...and if those sites update the version of OpenCube's QuickMenu Pro that they're using, to fix the browser type/version check, they'll probably be usable again. See the 9/8/04 item on this site [hyperjeff.net] and a 9/8/04 item on this site [xlr8yourmac.com].
mod parent up (Score:3, Informative)
Re:Not recommended for G4 users, G5 seems ok... (Score:3, Interesting)
The problem exists in QuickMenuPro, a javascript suite that many big sites use. The company that makes it has already posted a patch which, I'm sure, the affected sites will take months to deploy.
With this latest information in mind, it is probably safe to go ahead and install the security patch on a G4... at least as long as you can wait for any of the affected sites to post the patch. If you can't, hold off until they do.
Re:Not recommended for G4 users, G5 seems ok... (Score:1)
Re:Not recommended for G4 users, G5 seems ok... (Score:1)
Swap file bug not fixed? (Score:3, Informative)
That's a serious issue that I expected to be fixed soon.
rsyncX (Score:5, Informative)
Web site display is not Apple's fault, see here!! (Score:5, Informative)
http://osx.hyperjeff.net
Good catch Jeff!!
I broke my FTP Access (Score:1)
FTP fux (Score:5, Informative)
sudo ln -s
As someone pointed out above, Apple mucked up the ftpd compile and made the ftp daemon look in