Security Update 2003-11-19 includes the following updated components:
• OpenSSL
• zlib "gzprintf()" function

Here's more info on the 10.3 version of the update:

" OpenSSL: Fixes CAN-2003-0851 parsing particular malformed ASN.1 sequences are now handled in a more secure manner.

zlib: Addresses CAN-2003-0107. While there were no functions in Mac OS X that used the vulnerable gzprintf() function, the underlying issue in zlib has been fixed to protect any third-party applications that may potentially use this library. "

Note - Although not mentioned, the Panther update also includes Safari 1.1.1, see this Thursday news page item.
Rebooting to 10.2.8 and running Software Update lists the same update name, but additional fixes noted:

Security Update 2003-11-19 includes the following updated components:

• gm4
• groff
• Mail w/CRAM-MD5 authentication
• OpenSSL
• Personal File Sharing
• QuickTime for Java
• zlib "gzprintf()" function

Here's more details on the Security fixes for 10.2.8:

" Updates for Mac OS X v10.2.8 "Jaguar" and Mac OS X Server v10.2.8

gm4: Fixes CAN-2001-1411 a format string vulnerability in the gm4 utility. No setuid root programs relied on gm4 and this fix is a preventive measure against a possible future exploit.

groff: Fixes VU#399883 where the groff component pic contained a format-string vulnerability.

Mail: Fixes CAN-2003-0881 the Mac OS X Mail application will no longer fall back to plain text login when an account is configured to use MD5 Challenge Response.

OpenSSL: Fixes CAN-2003-0851 parsing particular malformed ASN.1 sequences are now handled in a more secure manner.

Personal File Sharing: Fixes CAN-2003-0878 when Personal File Sharing is enabled, the slpd daemon can no longer create a root-owned file in the /tmp directory to gain elevated privileges.

QuickTime for Java: Fixes CAN-2003-0871 a potential vulnerability that could allow unauthorized access to a system.

zlib: Addresses CAN-2003-0107. While there were no functions in Mac OS X that used the vulnerable gzprintf() function, the underlying issue in zlib has been fixed to protect any third-party applications that may potentially use this library."

Apple now has Kbase docs with download versions of the Security Update 2003-11-19 for Panther 10.3.1 and Security update 2003-11-19 for Jaguar 10.2.8.

" Update Toast 5.0 Titanium or later to 5.2.3 (compatible with Mac OS 9.1 and higher, including Mac OS X v10.3 ) November 19, 2003
Toast 5.2.3 Titanium enables the Buffer Underrun Prevention option for combination DVD+R/RW and DVD-R/RW recorders when using -R/RW media. Buffer Underrun Prevention is not an option when using +R/RW media, since the recorder uses the built-in error prevention that is part of the +R/RW specification."

" Ready to Run Macintosh OS X (10.2) Binaries (Warning: still at version 0.9.2) Please note that at the moment these binaries require Mac OS 10.2 or newer
Download the latest version here. You will also need the 0.9.2 base package along with the executable.
Please note that you will have to run this version from Terminal, for example using   "./fgfs -fg-root=./fgfsbase." "

There's also a link there to the Mac source code.
If any readers try this let me know what you think (include your mac model, graphics card, OS X version, etc.) Thanks. (Note: one reader's report is included in Thursday's news page)

" Sorry to report this sad news:
http://macmusic.org/news/view.php/lang/EN/id/1205/
(Note - requires cookies enabled in browser to view unfortunately-Mike)
Apple Master, composer and conductor Michael Kamen, probably best known for films like Robin Hood: Prince of Thieves and the Die Hard films, has died at age 55.

readers wishing to honor Michael Kamen's memory should give money to the Mr. Holland's Opus Foundation, which he founded to donate musical instruments to needy schools and young people. It seems there could be no better gift in his memory than to help children discover the wonder of music.
http://www.mhopus.org/
Peter Kirn "

" Hey Mike,
Last night I portscanned my AirPort Extreme basestation because I was curious what ports if any might be open. It turns out there are three ports open: 53 (DNS), 9100 (JetDirect), and 10000 (snet-sensor-mgmt).

Port 9100 being shown wide open intrigued me. I entered
http://(Basestation IP address):9100/ into Safari on a hunch. I thought perhaps there might be a secret web-admin interface that I could use to do some advanced configuration of the print-server. What happened next was quite unexpected. Shortly after entering the URL, my HP LaserJet 1200 woke-up and printed something. It was the text of HTTP GET request from the web browser...

GET / HTTP/1.1
Host: (basestation IP):9100
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
AppleWebKit/103u (KHTML...
...et cetera...

Even better, I was able to use telnet to print more customized messages. Here's how:

*Open the Apple Terminal
*type "telnet (basestation IP) 9100" and hit return
*type anything and hit return. "Help, I'm trapped inside this printer"
worked for me.

At this point I have been able to reproduce this on several different HP printer models, but not any Epsons. (Even from the WAN side using the actual WAN IP address of the Base.) I have not had access to printers from Canon, Lexmark and other brands. Basestation configuration options like WEP, WDS, NAT, MAC access control, etc. don't seem make any difference.

In my opinion, there are two things that need to be done. WAN port traffic needs to be filtered on port 9100 when you have not chosen the "Enable Remote Printer Access" ption in the "WAN Privacy..." Airport Admin section. HP and Apple also should also make an effort to stop this behavior at the driver level.
I've already filed an official bug report as well.
--Eugene "

I repeatedly tried to get this to work (from WAN side/remote connection using the WAN IP and from LAN side using local base IP) with a 5.2 firmware new Airport Extreme Base w/Epson 870 attached and it always failed to connect, but I don't have an HP printer to test with.
A reader with an HP

" Hey Mike,
I tried what Eugene did with my HP Deskjet 5550 and it worked, although not as easily as he said. My printer would not wake up out of its sleep mode when the request was made but as soon as i pressed the power button on the front the requests I made while it was asleep printed out. Both the Safari and the telnet methods worked. I view this as a feature more than a bug however.
Michael"

As I told Michael, I do not consider this a feature when you have disabled Remote Printer Access in WAN Privacy settings.

" Hi Mike,
the User Verax mentioned (noted in yesterday's news item) was in fact me! I actually talked with their engineer to ensure the G03 it fits in the G5 case and on the card and it fits! But you have to sacrifice the nearby PCI Slot for this, because the cooler is too high. But it was well worth it, because I also suffered from a very loud GPU.

I have this running now for about three weeks and no problems so far. The engineer said that it should prolong the life of my GPU, because it's supposed to cool better than the Standard cooler and judging from the Design, that could be true. It is heavy and additionally, it has a temperature sensor, so the fans don't always blow at full speed. But I never noticed, because this thing seems to be very quiet.

The features don't make it exactly cheap, though (about 50 euros). Installation in the G5 was easy, but you have to fiddle with your Optical Drive a bit to bring the Y-Cable in place. (Apple should add another Molex connector, thats for sure!).
Apart from that, you have to take off the old cooler and press on the new one. I wasn't careful with that, (took also too much silica gel) but it didn't seem to ruin my card ;-) Cable length is not an issue and cabling remains relatively clean. All in all, a good thing for noise sensitive people! Note that this was done with an OEM card, AFAIK the Retail Model also needs the optical Drive Power plug. (see notes in my original article on 9800 Pro retail tests in a Dual G5) So I don't know how it works out in this case.
hope that helped!
Frank from Germany "

Since they say the on-card power connector is not recommended for powering this fan, you'd need to either splice/solder the fan power wires to the retail card's PS connection or use a 2nd Y-adapter.
Another G3 cooler user wrote:

" Hi Mike,
On october 31, I've received my Verax Kit G03AX for Radeon 9800 Pro... I have replaced the stock fan of the OEM 9800 without any problem and connected it with the Y cable to the Superdrive on my Dual G5. The fans + Y cable + thermal paste are with the kit.
So since then, 20 days and counting :) I have use my Dual 18 hours a day with Adobe Creative Suite CS, Panther, Unreal 2003, Diablo 2, Studio MX 2004... without ANY problems at all !

And this kit is sooooo quiet... you don't ear it at all ! it's like my GeForce FX 5200 ! Now the only thing i hear from my Dual is the powersupply unit which is not so quiet than my single 1.6 G5 (see Apple Forums for that). (the systems page, G5 section here also has a page on G5 noise reports, tips, etc.)
The only think you lose is one PCI slot... not too bad.
-J "

The G3 fan is taller than it looked on the data sheet I had for it, so like the G1 model (which verax does not recommend for 9800 series GPUs) it blocks the adjacent PCI slot. But after listening to this OEM 9800's fan for weeks (sounds like a dremel tool set to max RPM) it's a trade-off I'll gladly make.
Here's a small photo of the card with the G3 cooler:

• Apple Dual G4 DDR (MDD Dual 867) OC report
• Apple OEM G3/450 ZIF in B&W G3 (rated 9)
• PowerLogix BlueChip G3/900 in (pismo) Powerbook G3 2000 (rated 1)
• PowerLogix BlueChip G3/900 in (pismo) Powerbook G3 2000 (rated 10)
  (My reviews of G4 and G3 upgrades w/apps/game tests, install info, etc. are linked here. OC/CPU module articles are on the Systems page.)

(Warning - Overclocking may not be reliable and could lead to hardware failure or corrupted data.) You can find the full reports by searching the database selecting the indicated Mac model and upgrade card brand/type. If you've upgraded the CPU on your Mac, please post an entry in the database. Search the database for entries from most every upgradable Mac model *before* you buy. (Searchable by mac model/upgrade brand). For detailed reviews with performance tests and install tips, see the CPU Upgrades page.)

DVD-ROM Drives:
• IDE Samsung SD-616 16x/48x in G4/AGP (OS 9.2)
  
  CDRW Drives:
• Firewire (IDE drive in FW case) Liteon LTR-52327S (52x32x52x) in G4/AGP (OS 9.2) (using modified OS 9 LiteonCDR file from FAQ here)
  
  Combo DVD+CDR Drives:
• Exp. bay Matshita UJDA750 (24x10x24x + 8x DVD-ROM) in Powerbook G3 2000 (OS X) (using modified burn support plugin in 10.2.8)
• IDE Toshiba SD-R2102 (8+8x8x24x + 8x DVD-ROM) in iBook 2001 (OS 9.2)
  (HD didn't mount after install - suspect Combo drive is set to master (fixed) so HD would need changing to slave.)
  
  DVD+R/RW + DVD-R/RW Drives:
• IDE Pioneer DVR-106D in G4/AGP (OS X)
• IDE Pioneer DVR-106D in G4/AGP (OS X 10.3)
  (Illustrated CD drive install guide here covers G4 towers up to the Digital Audio Model, Beige G3 MT, B&W G3 and 8600/9600 Macs)
  
  DVD-R + DVD RAM Drives:
• IDE LG 4040B in Dual G4 DDR (OS X)
  (using modified burn support plugin w/10.2.8)
  
  Hard Drives:
• IDE Hitachi Travelstar 80GN 80GB in Powerbook G4 (OS X 10.3)
  (Reader FYI - This drive was reviewed here earlier this year, see IDE topics page, HD section for review links. PowerBook G4 Ti 15in. LCD illustrated Hard Drive install guide here
  Powerbook G4 12in LCD illustrated Hard Drive install guide here)
• IDE Maxtor 200GB in G4/AGP using IDE PCI card (OS X 10.3)
  (problems noted)
  (Illustrated guide to adding a 2nd HD here in B&W G3 rev2 and G4 towers up to the QuickSilver models.
  IDE articles page RAID section has an illustrated guide for adding 2 more drives in the side bays.)
• IDE Maxtor 60GB in iMac slot-loading (OS 8.6)
• IDE Seagate ST340014A 40GB in iMac slot-loading (OS 9.1)
• SCSI Quantum Atlas 10k 18GB in 9600 (OS X
  (problems noted with OS X)

You can find full owner reports (latest shown first) by searching the database by drive/brand/interface/mac models (the latest reports are shown first in searches). For guides to installing CD/CDRW/DVD drives or Hard drives in many mac models, see the IDE Articles page. The Firewire articles page also has guides on case kits, installing drives, etc.
If you've added a IDE, SCSI, Firewire or USB hard drive, CDRW, tape drive, etc. make sure you add a report to the database. (If you post an updated entry - make sure you use the same name, etc. as you did before so I can find your past entry. Thanks.)
(Incomplete entries are deleted. Do not post questions in the database, it's for drive reports not questions on what drive to buy - for that try searching the database for reports from owners of your mac model on the drive type/brand/interface, etc. you're interested in.)

• 1 year ago today
• 2 years ago today
• 3 years ago today