I noticed in the Security Update 2006-007 for OS X, they are including an update to the system Perl. I remembered that Redhat also recently released a security update for Perl on RHEL4, so I did a little digging. Turns out that today's update from Apple has nothing to do with
CVE-2006-3813 which is Redhat fixing their own slip-up. No, Apple is fixing CVE-2005-3962, for which Redhat released an update on December 20 of last year.
Oif! That's not good turnaround. Especially considering there have already been several other security updates for OS X this year and this relatively straightforward perl fix could have been in any of those.
Does OS X Server get more timely security?
No comments:
Post a Comment