Security Update 2004-12-02

[bobw]

Security Update 2004-12-02 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
• Apache
• AppKit
• HIToolbox
• Kerberos
• Postfix
• PSNormalizer
• Safari
• Terminal
For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798

 

[arkayn]

Downloaded but will install it later.

 

[rharder]

I installed it, and now my mac hangs on startup with a "starting login window" message. SSH-ing I see from a crash log this message:

**********

Host Name: Owl
Date/Time: 2004-12-04 07:45:51 -0600
OS Version: 10.3.4 (Build 7S148)
Report Version: 2

Command: loginwindow
Path: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
Version: ??? (???)
PID: 495
Thread: Unknown

Link (dyld) error:

dyld: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow Undefined symbols:
AppKit undefined reference to __HIObjectOverrideAccessibilityContainment expected to be defined in HIToolbox


Still no solution.

-Rob

 

[Viro]

The security update should only be applied to 10.3.6 and you have 10.3.4. Did you install the update via software update? Or did you download the package from Apple's website and did a manual install?

 

[TommyWillB]

I was very impressed by the way Apache was updated... I all (most?) previous Apache updates, the httpd.conf was reverted back to the Apple default. Instead this time they performed some sort of search/replace to edit the currently used httpd.conf. (http://docs.info.apple.com/article.html?artnum=300422)

The reason this is cool is because I didn't need to revert to mine and manually merge Apple's changes to my highly customized one.

Very cool!

 

[TommyWillB]

Safari
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1121
Impact: Specially crafted HTML can display a misleading URI the Safari status bar.
Description: Safari could be tricked into displaying a URI in its status bar that was not the same as the destination of a link. This update corrects Safari so that it now displays the URI that will be activated when selected.

Anyone know where to find more info about this?

Where can I look up that CVE-ID: CAN-2004-1121 ?

 

[Viro]

I think it refers to this bug.http://secunia.com/advisories/13047/

 

[Tetano]

Also check this link

http://forum.zone-h.org/viewtopic.php?t=919