6C115 contains an insecure OpenSSL with any app compiled against that version of OpenSSL also being insecure. Has a security update for it appeared in Software Update since Macs are now shipping with 10.2?
<strong>6C115 contains an insecure OpenSSL with any app compiled against that version of OpenSSL also being insecure. Has a security update for it appeared in Software Update since Macs are now shipping with 10.2?</strong><hr></blockquote>
There is likely to be an update, possibly 10.2.1, soon after August 24. Early September was suggested to me. I presume it will fix the Finder bugs and bring 10.2 up to date security-wise with 10.1.5.
<strong>6C115 contains an insecure OpenSSL with any app compiled against that version of OpenSSL also being insecure. Has a security update for it appeared in Software Update since Macs are now shipping with 10.2?</strong><hr></blockquote>
10.2 works great with Wacom tablets, and 115 seem to work perfectly with just about everything i've tried with it. I'm running a slowsilver 733. Yes i have a pirated version, don't hate cuz you dont have it, be happy that i'm going to buy it!
Wasn't that problem only if you compiled OpenSSL yourself from the one version of the source that had the trojan built in? I thought Apple stated their version was built from a verified clean source and they just updated to keep version numbers consistent and remove any doubt as to whether or not a user had clean, Apple supplied OpenSSL.</strong><hr></blockquote>
That was OpenSSH with the trojan in the source. Any version of OpenSSL prior to .9.6e is remotely exploitable.
*Sigh* Jaguar has been shipping on Macs for about a week. You must be tired of being a total lamer.</strong><hr></blockquote>
Naw, he's just being sarcastic... after all of the OSS folks have been boasting about the turn around time for security patches on Linux, et al, Apple goes and beats them to the punch by releasing the security patch *before the OS ships*!
I can just see Steve now, standing on the ramparts, talking in an outrrrrrrageous accent: "Ha! Beat *that* you OSS pigdogs!"
Comments
About that mouse bug: I don't have that problem at all. It works fine for me.
Has anyone seen any info that the shipping CDs are also C115?
<strong>with all the new Macs shipping with Jaguar CDs, I still havent seen anyone actually verify that those CDs are also C115.
Has anyone seen any info that the shipping CDs are also C115?</strong><hr></blockquote>
It seems all we really have to go on are reports by people who have the cds. No "concrete verification" but lots of reports by individuals.
Eugene, I got ballsy and check SU to see if there were any. Nope, none listed. Now if the Apple Gestapo come knocking on my door...
<strong>6C115 contains an insecure OpenSSL with any app compiled against that version of OpenSSL also being insecure. Has a security update for it appeared in Software Update since Macs are now shipping with 10.2?</strong><hr></blockquote>
There is likely to be an update, possibly 10.2.1, soon after August 24. Early September was suggested to me. I presume it will fix the Finder bugs and bring 10.2 up to date security-wise with 10.1.5.
<strong>6C115 contains an insecure OpenSSL with any app compiled against that version of OpenSSL also being insecure. Has a security update for it appeared in Software Update since Macs are now shipping with 10.2?</strong><hr></blockquote>
No.
<strong>with all the new Macs shipping with Jaguar CDs, I still havent seen anyone actually verify that those CDs are also C115.
Has anyone seen any info that the shipping CDs are also C115?</strong><hr></blockquote>
Yes, they're all 6C115.
You Mac users have to be tired of eating all this crow.
<strong>A security update for download before the OS is even released?
You Mac users have to be tired of eating all this crow.
*Sigh* Jaguar has been shipping on Macs for about a week. You must be tired of being a total lamer.
<strong>
Wasn't that problem only if you compiled OpenSSL yourself from the one version of the source that had the trojan built in? I thought Apple stated their version was built from a verified clean source and they just updated to keep version numbers consistent and remove any doubt as to whether or not a user had clean, Apple supplied OpenSSL.</strong><hr></blockquote>
That was OpenSSH with the trojan in the source. Any version of OpenSSL prior to .9.6e is remotely exploitable.
<strong>
*Sigh* Jaguar has been shipping on Macs for about a week. You must be tired of being a total lamer.</strong><hr></blockquote>
Naw, he's just being sarcastic... after all of the OSS folks have been boasting about the turn around time for security patches on Linux, et al, Apple goes and beats them to the punch by releasing the security patch *before the OS ships*!
I can just see Steve now, standing on the ramparts, talking in an outrrrrrrageous accent: "Ha! Beat *that* you OSS pigdogs!"
[ 08-16-2002: Message edited by: Kickaha ]</p>