Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for backing up network components. The script runs as a daemon and is configured via config files. It reads the config files containing the components' passwords once, so you can keep them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The 4.10-rc4 kernel prepatch is out for testing. "Things are still looking fairly normal, and this is the usual weekly Sunday rc release. We're up to rc4, and people are clearly starting to find the regressions. Good, good."
Kernel prepatch 4.10-rc4

The 4.9.4 and 4.4.43 stable kernel updates are available; each contains a relatively large set of important fixes.
Stable kernels 4.9.4 and 4.4.43

Google has posted an overview of its infrastructure security. It includes information about low-level details, such as physical security and secure boot, encryption of data at rest as well as communications between services and to users, keeping employee devices and credentials safe, and more. Undoubtedly there are lessons here for many different organizations. "This document gives an overview of how security is designed into Google's technical infrastructure. This global scale infrastructure is designed to provide security through the entire information processing lifecycle at Google. This infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators. Google uses this infrastructure to build its internet services, including both consumer services such as Search, Gmail, and Photos, and enterprise services such as G Suite and Google Cloud Platform."
Google Infrastructure Security Design Overview

Wired covers the release of Qbsolv as open-source software (under the Apache License v2) by D-Wave, which is a company that makes quantum computing hardware. Qbsolv is "designed to help developers program D-Wave machines without needing a background in quantum physics". Further: Qbsolv joins a small but growing pool of tools for would-be quantum computer programmers. Last year Scott Pakin of Los Alamos National Laboratory, and one of Qbsolv's first users, released another free tool called Qmasm, which also eases the burden of writing code for D-Wave machines by freeing developers from having to worry about addressing the underlying hardware. The goal, Ewald says, is to kickstart a quantum computing software tools ecosystem and foster a community of developers working on quantum computing problems. In recent years, open source software has been the best way to build communities of both independent developers and big corporate contributors. Of course to actually run the software you create with these tools, you'll need access to one of the very few existing D-Wave machines. In the meantime, you can download a D-Wave simulator that will let you test the software on your own computer. Obviously this won't be the same as running it on a piece of hardware that uses real quantum particles, but it's a start.
Quantum Computing Is Real, and D-Wave Just Open-Sourced It (Wired)

Arch Linux has updated ark (code execution), bind (multiple vulnerabilities), docker (privilege escalation), flashplugin (multiple vulnerabilities), irssi (multiple vulnerabilities), lib32-flashplugin (multiple vulnerabilities), and libvncserver (two vulnerabilities). CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities) and kernel (three vulnerabilities). Debian has updated rabbitmq-server (authentication bypass). Debian-LTS has updated asterisk (two vulnerabilities, one from 2014). Fedora has updated docker (F25: privilege escalation), libgit2 (F24: multiple vulnerabilities), and pcsc-lite (F24: privilege escalation). Gentoo has updated postgresql (multiple vulnerabilities, two from 2015), runc (privilege escalation), and seamonkey (multiple vulnerabilities). Mageia has updated flash-player-plugin (multiple vulnerabilities), php-ZendFramework2 (parameter injection), unzip (two vulnerabilities, one from 2014), and webmin (largely unspecified). Oracle has updated java-1.6.0-openjdk (OL7; OL6; OL5: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), and kernel 4.1.12 (OL7; OL6: multiple vulnerabilities). Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities). Scientific Linux has updated kernel (SL6: three vulnerabilities).
Security advisories for Friday

Over at Techdirt, Mike Masnick writes about a libel suit filed against the site: "As you may have heard, last week we were sued for $15 million by Shiva Ayyadurai, who claims to have invented email. We have written, at great length, about his claims and our opinion – backed up by detailed and thorough evidence – that email existed long before Ayyadurai created any software. We believe the legal claims in the lawsuit are meritless, and we intend to fight them and to win. There is a larger point here. Defamation claims like this can force independent media companies to capitulate and shut down due to mounting legal costs. Ayyadurai's attorney, Charles Harder, has already shown that this model can lead to exactly that result. His efforts helped put a much larger and much more well-resourced company than Techdirt completely out of business."
Masnick: Techdirt's First Amendment Fight For Its Life

Greg Kroah-Hartman has announced the release of the 4.9.3 and 4.4.42 stable kernels. As usual, there are fixes throughout the tree and users of those kernel series should upgrade.
The 4.9.3 and 4.4.42 stable kernels have been released

Debian has updated bind9 (three vulnerabilities), ikiwiki (three vulnerabilities), and python-pysaml2 (XML external entity attack). Debian-LTS has updated libav (two vulnerabilities). Fedora has updated compat-guile18 (F25; F24: insecure directory creation), mingw-flac (F25: three vulnerabilities from 2015), qpid-java (F25: information disclosure), and springframework-security (F25: security constraint bypass). openSUSE has updated flash-player (13.2: multiple vulnerabilities). Red Hat has updated memcached (RHMAP4.2: two vulnerabilities). Slackware has updated bind (denial of service), gnutls (multiple vulnerabilities), and irssi (multiple vulnerabilities). SUSE has updated bind (SLE12-SP2,SP1; SLE12; SLE11-SP4,SP3: three vulnerabilities) and flash-player (SLE12-SP1: multiple vulnerabilities). Ubuntu has updated bind9 (three vulnerabilities) and libvncserver (two vulnerabilities).
Thursday's security updates

The Weekly Edition for January 12, 2017 is available.
[$] Weekly Edition for January 12, 2017

The Ansible project is currently posting release candidates for the 2.1.4 and 2.2.1 releases. They fix an important security bug: "CVE-2016-9587 is rated as HIGH in risk, as a compromised remote system being managed via Ansible can lead to commands being run on the Ansible controller (as the user running the ansible or ansible-playbook command)." Until this release is made, it would make sense to be especially careful about running Ansible against systems that might have been compromised. Update: see this advisory for much more detailed information.
CVE-2016-9587: an unpleasant Ansible vulnerability

The appearance of a "Python 2.8" got the attention of the Python core developers in early December. It is based on Python 2.7, with features backported from Python 3.x. In general, there was little support for the effort – core developers tend to clearly see Python 3 as the way forward – but no opposition to it either. The Python license makes it clear that these kinds of efforts are legal and even encouraged – any real opposition to the project lies in its name. Subscribers can click below for the full article from this week's edition.
[$] Python 2.8?

Debian has updated icedove (multiple vulnerabilities). Debian-LTS has updated tomcat7 (information disclosure). Gentoo has updated bind (denial of service), botan (two vulnerabilities), c-ares (code execution), dbus (denial of service), expat (multiple vulnerabilities, one from 2012), flex (code execution), nginx (privilege escalation), ntfs3g (privilege escalation from 2015), p7zip (two code execution flaws), pgbouncer (two vulnerabilities), phpBB (two vulnerabilities), phpmyadmin (multiple vulnerabilities), vim (code execution), and vzctl (insecure ploop-based containers from 2015). openSUSE has updated jasper (42.2, 42.1: multiple vulnerabilities). Oracle has updated kernel (OL6: three vulnerabilities). Red Hat has updated flash-plugin (RHEL6: multiple vulnerabilities), kernel (RHEL6.7: code execution), and kernel (RHEL6: three vulnerabilities). SUSE has updated freeradius-server (SLE12-SP1,2: insufficient certificate verification) and LibVNCServer (SLE11-SP4: two vulnerabilities). Ubuntu has updated kernel (16.10; 16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-xenial (14.04: three vulnerabilities), linux-raspi2 (16.10; 16.04: two vulnerabilities), linux-snapdragon (16.04: two vulnerabilities), linux-ti-omap4 (12.04: two vulnerabilities), and webkit2gtk (16.04: multiple vulnerabilities).
Security updates for Wednesday

Tim Kadlec looks at the ongoing MongoDB compromises and how they came to be. "Before version 2.6.0, that wasn't true. By default, MongoDB was left open to remote connections. Authentication is also not required by default, which means that out of the box installs of MongoDB before version 2.6.0 happily accept unauthenticated remote connections."
Kadlec: The MongoDB hack and the importance of secure defaults

The digiKam team has announced the release of version 5.4.0 of the digiKam Software Collection, a photo editing system. "This version introduces several improvements to the similarity search engine and a complete re-write of video file support." Under the hood, digiKam has been fully ported to the QtAV framework to handle video and audio files.
digiKam 5.4.0 is released

Synfig Studio 1.2.0, a 2D animation system, has been released. This version features a completely rewritten render engine and new lipsync features, along with many improvements and bugfixes.
Synfig 1.2.0 released

Vuln: Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability

Vuln: libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability

Vuln: Linux Kernel CVE-2015-5307 Denial of Service Vulnerability

Vuln: Oracle Java SE CVE-2016-5573 Remote Security Vulnerability

Bugtraq: [SECURITY] [DSA 3743-2] python-bottle regression update

Bugtraq: [SECURITY] [DSA 3765-1] icoutils security update

Bugtraq: [security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking

Bugtraq: [security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities
