Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Mac OS X 10.2.8 Update
- Thread starter MacRumors
- Start date
- Sort by reaction score
from the Apple Security list:
Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.
To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.
[snip]
info will be posted here:
http://www.apple.com/support/security/security_updates.html
Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.
To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.
[snip]
info will be posted here:
http://www.apple.com/support/security/security_updates.html
Holy #$%$ it fixed my external Firewire drive
I've had an external Firewire Drive sitting on my shelf.. that would never work.. I read this update might could fix such things.. and sure enough BAM there it is !
I thought maybe it was defective or the drive was a lost cause. Certainly makes this update worth it to me.
I've had an external Firewire Drive sitting on my shelf.. that would never work.. I read this update might could fix such things.. and sure enough BAM there it is !
I thought maybe it was defective or the drive was a lost cause. Certainly makes this update worth it to me.
Re: Finally
I'm just curious what's happenin' on the iBook-support side of things.
TIA
WM
What vintage is your iBook? I have an old one; I don't think I'm experiencing any clicking, although it would probably be drowned out by the hard drive (it's a 6 GB Travelstar...).
I'm just curious what's happenin' on the iBook-support side of things.
TIA
WM
Any way to just get the Safari update?
I'm on a 500Mhz iBook, and don't really want a slower OS.
I'm on a 500Mhz iBook, and don't really want a slower OS.
Yes it is necessary.
If a website specify targets one browser only, then YES, it does SUCK.
The internet is meant to be platform independent. It takes the piss when a company, such as Microsoft, use their influence to force the internet into a platform, or, any software.
So again, YES it is necessary to say the site may suck. A website should be tested to ensure it works on W3C compliant browsers.
If a website specify targets one browser only, then YES, it does SUCK.
The internet is meant to be platform independent. It takes the piss when a company, such as Microsoft, use their influence to force the internet into a platform, or, any software.
So again, YES it is necessary to say the site may suck. A website should be tested to ensure it works on W3C compliant browsers.
Re: Re: Finally
It's a 700MHz. And the sound would come out of the speakers. And, it would come through headphones if you plugged those in, and stop coming through the speakers. I'm not sure where the default was, but it's very surprising that it was on the software end of things. I assumed it was something wrong internally with just my machine.
It's a 700MHz. And the sound would come out of the speakers. And, it would come through headphones if you plugged those in, and stop coming through the speakers. I'm not sure where the default was, but it's very surprising that it was on the software end of things. I assumed it was something wrong internally with just my machine.
I would try it. It seems that G4 people are whining, but I'm on a 400mhz g3 and to me it seems noticeably quicker.
Server version now
I tried about 10 minutes ago and nothing for Server. I figured it would be in a day or two, but I gave it another shot just now (about 8:10pm) and there it was!
Just FYI for everyone running Server out there.
I tried about 10 minutes ago and nothing for Server. I figured it would be in a day or two, but I gave it another shot just now (about 8:10pm) and there it was!
Just FYI for everyone running Server out there.
Re: Re: Re: Finally
Yeah, I thought it was a hardware problem too. I haven't heard it since installing the update, so hopefully it's gone for good
Yeah, I thought it was a hardware problem too. I haven't heard it since installing the update, so hopefully it's gone for good
Definitely worth it...for a few things
I think so, particularly for the security updates (ssh, sendmail) and the described bluetooth updates.
I think the Bluetooth updates will be useful for the updates to iSynch etc....just a guess.
I think so, particularly for the security updates (ssh, sendmail) and the described bluetooth updates.
I think the Bluetooth updates will be useful for the updates to iSynch etc....just a guess.
Re: What Version Safari
One small thing with my 12"pBook: I have a 17" LCD (no Apple :-() which is to the left of my pBook. After installing the update, OS X apparently expected me to have changed sides. It put the additional destop area to the right of my pBook. Only found it out after getting mad that my cursor wouldn't go from my 17" LCD to my pBook the usual route. i tossed my mouse on the desk angrily and there it was... it 'bounced' of the 17" LCD onto the pBook on the other side. Weird change...
And another: after running the update and restarting the pBook fell asleep with the fan running. Wouldn't wake up. I had to press the power button for a few seconds to reboot it. Hasn't happened again...
BTW the Keyboard pref pane now has bluetooth stuff - batt. level and such.
M.
Yup, my Safari changed from v85 to v85.5
One small thing with my 12"pBook: I have a 17" LCD (no Apple :-() which is to the left of my pBook. After installing the update, OS X apparently expected me to have changed sides. It put the additional destop area to the right of my pBook. Only found it out after getting mad that my cursor wouldn't go from my 17" LCD to my pBook the usual route. i tossed my mouse on the desk angrily and there it was... it 'bounced' of the 17" LCD onto the pBook on the other side. Weird change...
And another: after running the update and restarting the pBook fell asleep with the fan running. Wouldn't wake up. I had to press the power button for a few seconds to reboot it. Hasn't happened again...
BTW the Keyboard pref pane now has bluetooth stuff - batt. level and such.
M.
i don't really have much room to argue, seeing that i am fortunate enough to own a g5, but has anyone heard of any possible security or safari updates that will be made available to us g5 owners that can't upgrade to 10.2.8?
Re: Re: Re: Finally
Congratulations on your newly quiet 'Book!
WM
OK, thanks. I'm pretty sure I'm not experiencing that, even with the HD noise from hell.... It must only affect newer ones (mine's a 366, no FireWire). I agree that it's pretty weird for a software bug...
Congratulations on your newly quiet 'Book!
WM
Re: Re: Re: What Version Safari
Yup. I just checked - it stays the right way (my right way anyway) too. It just imposed new defaults once, apparently.
M.
Yup. I just checked - it stays the right way (my right way anyway) too. It just imposed new defaults once, apparently.
M.
Seems that only a javascript of css fix would be necessary. Safari does a good job on almost every site I've been too.
Software Install Crash
I was installing the OS update. While it was installing, I tried scrolling down the text on the install window that describes the install. Once done scrolling down the darned thing would bounce back to the top of the text. After trying to scroll down a few times Software Update crashed.
The download was not complete but "about this mac" states that it is 10.2.8. If I go back to software update, the 10.2.8 update is no longer available (along with several other things that I did not even choose to download, such as Airport and Blue tooth stuff). Any suggestions on what I should do?
I was installing the OS update. While it was installing, I tried scrolling down the text on the install window that describes the install. Once done scrolling down the darned thing would bounce back to the top of the text. After trying to scroll down a few times Software Update crashed.
The download was not complete but "about this mac" states that it is 10.2.8. If I go back to software update, the 10.2.8 update is no longer available (along with several other things that I did not even choose to download, such as Airport and Blue tooth stuff). Any suggestions on what I should do?
Re: No server version yet
I am downloading it on my server right now. The interesting thing is that it is 2 MB smaller for the Server..
I am downloading it on my server right now. The interesting thing is that it is 2 MB smaller for the Server..
I just checked the 10.2.8 .pkg file with Pacifist, and it includes the following:
By the way, what's the AppleFan.kext extension for?? I'm guessing it has something to do with controlling the fan speed. (I really dont know....)
- Applications
-Safari
-Utilities
Airport Admin Utility
Airport Setup Assistant
Bluetooth File Exchange
Bluetooth Serial Utility
Bluetooth Setup Assistant
Key Caps
Library
-Documentation
Help
-Airport Help
-Fonts
Chalkboard.ttf
-Internet Plug-Ins
flashplayer.xpt
Shockwave Flash NP-PPC
-mach_kernel
sbin
<23 files owned by root>
System
-Library
<12 sub-folders>
usr
<5 sub-folders>
By the way, what's the AppleFan.kext extension for?? I'm guessing it has something to do with controlling the fan speed. (I really dont know....)