Security Update 2009-004 Released


Apple released Security Update 2009-004 yesterday to fix an issue with the DNS Service:

By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates[…] This update addresses the issue by properly rejecting messages with a record of type ‘ANY’ where an assertion would previously have been raised.

BIND is disabled by default in Mac OS X & Server, but if you’ve got the DNS Service enabled you’ll want to apply this update. Grab it for Leopard or Tiger Server (Universal) or pick it up via Software Update. It’s also available for Mac OS X client.

[Via Topicdesk]

mailbfr 1.0.5 Released


Another small fix to Topicdesk.com’s excellent mailbfr (Mail Backup/Fix/Restore) utility:

Bug fix to correct start/stop behaviour in 10.3.

I don’t see this one as necessary unless you’re still running Panther Server.

Pre-order Snow Leopard Server


Amazon has Mac OS X 10.6 (Snow Leopard) Server, which is set to ship sometime in September, available for pre-order for $499.

Of course, there are actually three ways to get Snow Leopard Server:

* - AMP itself costs either $499 or $999 for Mac OS X 10.5 Leopard Server 10-Client or Unlimited Client enrollments, respectively, but provides all OS updates (including major updates such as Snow Leopard Server) for 36 months.

Mac OS X Server 10.5.8 & Security Update 2009-003 Released


Apple has the following updates for Mac OS X Server:

Mac OS X Server 10.5.8 Updater

This update includes the following improvements:

  • Reliability of AFP for file services and Time Machine backups
  • Propagating file system permissions
  • Maintaining history of user’s previous passwords
  • Ensuring consistent VPN throughput regardless of load
  • Spotlight indexing and memory consumption

Further details available in this knowledge base article. Full and Combo updaters are available.

Security Update 2009-003

This Security Update is for Mac OS X Server 10.4.11 and coincides with the security updates found in Mac OS X Server 10.5.8. Full details are available in this knowledge base article.

While both PowerPC & Intel-specific updaters are also available, we’re linking to Security Update 2009-003 (Server Tiger Universal).

Let us know how you fare with either of these updates.

Update: Topicdesk has noted in their Newsletters and on Twitter that these updates can overwrite files related to custom installations of Apache, PHP, and GD, esp. those garnered through many of their tutorials. Performing the custom installation again after applying one of the aforementioned updates should do the trick.

Xserve G5 For Sale – Used


Found this floating around in my Inbox this morning:

  • G5 xserve 2Ghz 3GB RAM, 80GB/500GB,
  • Rack mount APC 1500VA
  • Anthro 12U rack with 2 tap rails

Asking $1000, call Scott at Calais Design (Eight Zero Two-999-8914) and you’re more than welcome to say we referred you.

mailbfr 1.0.4 Released


Topicdesk.com has updated their excellent mailbfr tool to version 1.0.4. mailbfr is a utility script for backing up, fixing, and restoring (hence the name) the Mail service on Mac OS X Panther/Tiger/Leopard Server.

This update includes the following change (via the changelog):

Minor bug fix that would prevent restore of mailman configuration files

Of course, mailbfr includes self-update functionality, so if you’ve already installed it you can simply run it and it will prompt you to update.

Critical Mac OS X Java Vulnerabilities


It appears that there are some critical vulnerabilities in Java that, while fixed by Sun, have not made their way into Mac OS X, even with the newly-released Mac OS X 10.5.7. These vulnerabilities can be taken advantage of to run commands outside of the Java sandbox as the executing user.

Landon Fuller has an overview, workarounds, and a proof-of-concept and Julien Tinnes has a detailed explanation & example. The workaround? Disable Java and ‘Open “safe” files after downloading’ in Safari and other browsers. But you disabled ‘Open “safe” files after downloading’ long ago, right?

[Via Daring Fireball]

Update: This was fixed in Java for Mac OS X 10.4 Release 9 & Java for Mac OS X 10.5 Update 4 on June 15th, 2009.

Mac OS X 10.5.5 Update Fixes Disk Utility


We previously wrote about some RAID rebuilding issues we were having and that the way around it was to reboot your computer into the OS X Installer disks, open up Terminal and enter in a string of commands.

Fortunately, Apple has fixed an issue within the Disk Utility application, so it now works as intended. You can simply drag new disks into a RAID set, click the Rebuild button, and it’ll work properly!

I just tried it out this weekend and it successfully rebuilt a degraded mirror RAID set!

Removing an OpenFire Install


After playing with OpenFire for some time, I decided to go back to the default jabberd install on OS X Leopard Server. Unfortunately, the application doesn’t seem to come with an un-installer nor are there directions in the documentation.

A quick search on the Ignite Software forums turned up these directions for removing OpenFire from your system:

sudo rm -rf /usr/local/openfire
sudo rm -rf /Library/PreferencePanes/Openfire.prefPane
sudo rm -rf /Library/LaunchDaemons/org.jivesoftware.openfire.plist
sudo rm -rf /Library/Receipts/Openfire.pkg

MySQL Binary Logging


Last week one of our database servers notified me that the main OS drive had less than 5% of its storage space left. I loaded up one of my favorite tools, Grand Perspective, to see what was taking up so much space. Sure enough, I had about 5-6 GB of space left, and there were about 20-25 files, each 1-2 GB in size. Each one was a MySQL binary log file.

Following the same article on the MySQL website, I found out that it was possible to delete the log files without screwing anything up. Running the PURGE BINARY LOGS statement did so. It is also possible to set log sizes, but since I really have no use for the logs I just stopped the logging altogether.

You can do this by editing the following file:

/etc/my.cnf

Locate the following lines and comment out the log-bin line:

# Replication Master Server (default)
# binary logging is required for replication
#log-bin=mysql-bin
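
If you would rather keep binary logging (it is what replication and point-in-time recovery rely on) and only cap its disk usage, the statements below do that. This is an added example, not part of the original post; the 7-day retention and 100 MB file size are assumed values, and expire_logs_days is the variable name used by MySQL 5.x servers of this era.

```sql
-- Added example: bound binary log growth instead of disabling log-bin.
-- Retention (7 days) and file size (100 MB) are assumed values; tune them.

-- 1. Confirm binary logging is on and see which files are using the space.
SHOW VARIABLES LIKE 'log_bin';
SHOW BINARY LOGS;

-- 2. On a replication master, check on each slave which log file it is
--    still reading before purging (run this on the slave, not the master).
-- SHOW SLAVE STATUS;

-- 3. Remove binary logs older than the retention window. PURGE also updates
--    the binary log index file, which deleting the files by hand does not.
PURGE BINARY LOGS BEFORE DATE_SUB(NOW(), INTERVAL 7 DAY);

-- 4. Have the server expire old logs on its own from now on, and rotate to
--    a new file once the current one reaches 100 MB.
SET GLOBAL expire_logs_days = 7;
SET GLOBAL max_binlog_size = 104857600;

-- 5. SET GLOBAL does not survive a restart. To make the limits permanent,
--    leave log-bin enabled in /etc/my.cnf and add under [mysqld]:
--      expire_logs_days = 7
--      max_binlog_size  = 100M
```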