09/22/2003, 5:25pm, EDT
Monday, September 22nd[::FROM::] [::SiteName::]
Apple releases Mac OS X 10.2.8 update
[::digg_button::]
- Windows on external displays connected to some PowerBook computers are drawn better.
- The Bluetooth menu bar item works better when a Bluetooth USB adapter is disconnected and reconnected.
- Addresses a situation in which an external FireWire storage device would not become available (mount) and this message would appear: "A disk attempting to mount as 'unknown' has failed. Please use Disk Utility to check the disk."
- Addresses an issue in which some Bluetooth devices may not be available after the computer wakes from sleep.
- Addresses an issue in which some Bluetooth keyboards may show a delayed response when you press a key after the computer wakes from sleep.
- Addresses an issue in which some iBook computers could make a clicking sound when using Mac OS X 10.2.5 or 10.2.6. Reduces a potential delay when removing some devices from the Bluetooth pairing list.
- Addresses a potential issue in which an audio application can unexpectedly quit when a USB- or FireWire-based audio device is disconnected.
- Bluetooth preferences correctly displays the Bluetooth menu bar item's status if the item was enabled elsewhere.
- Includes several enhancements for Safari.
- Includes support for USB 2.0 devices, including PCI and PC cards for computers that do not include USB 2.0 hardware.
Mac OS X 10.2.8 also addresses several security issues, as noted by Apple's security team:
- OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.
To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is: OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f. - Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.
- fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.
- arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.
[::news_tags::]
[::boottext::] [::bootmark::]
[::layout::]
[::google::]


subscribe to comments
for this article
Actually, my iBook 700 MHz refuses to accept the update. System Update quts with an error message. Anyone else having the same problem?
posted by MacNN.com Reader
Why is it so hard?
Apple Sucks!
LOL
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
4PP73 0WN2 J00!!!!!
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader