Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Happy Thanksgiving to those who celebrate it, from all of us here at LWN. Happy November 26 to everyone else :) Debianhas updated dpkg(code execution), nspr(code execution), python-django(information disclosure), and smokeping(code execution). Debian-LTShas updated eglibc(two vulnerabilities), python-django(information disclosure), and redmine(MV). Fedorahas updated abrt(F21: information disclosure), jenkins(F22: three vulnerabilities), jenkins-remoting(F22: three vulnerabilities), and libreport(F21: information disclosure). openSUSEhas updated libpng12(13.2, 13.1: two vulnerabilities), libpng16(13.2, 13.1: denial of service), and strongswan(authentication bypass). Oraclehas updated abrt and libreport(OL7: MV), glibc(OL7; OL7: MV), kernel(OL7: MV), NetworkManager(OL7: denial of service), sssd(OL7: unspecified), and tigervnc(OL7: two vulnerabilities). Red Hathas updated git19-git(RHSC2: code execution), java-1.5.0-ibm(RHEL5&6: MV), ntp(RHEL6: denial of service), and thunderbird(MV). SUSEhas updated kernel(SLE11SP3: MV). Ubuntuhas updated dpkg(code execution) and openjdk-7(15.10, 15.04, 14.04: unspecified vulnerability).
Thanksgiving day security updates

Software Freedom Conservancy has announceda major fundraising effort. "Pointing to the difficulty of relying on corporate funding while pursuing important but controversial issues, like GPL compliance, Conservancy has structured its fundraiser to increase individual support. The organization needs at least 750 annual Supporters to continue its basic community services and 2500 to avoid hibernating its enforcement efforts. If Conservancy does not meet its goals, it will be forced to radically restructure and wind down a substantial portion of its operations."
Software Freedom Conservancy Launches 2015 Fundraiser

Debianhas updated libcommons-collections3-java(unsanitized input data) and symfony(two vulnerabilities). Debian-LTShas updated putty(memory corruption). Fedorahas updated grub2(F23: Secure Boot circumvention), krb5(F21: multiple vulnerabilities), libpng10(F23; F22; F21: two vulnerabilities), sblim-sfcb(F23; F22; F21: denial of service), and wpa_supplicant(F22: denial of service). Slackwarehas updated pcre(code execution). SUSEhas updated linux-3.12.32(SLELP12: two vulnerabilities), linux-3.12.36(SLELP12: two vulnerabilities), linux-3.12.38(SLELP12: two vulnerabilities), linux-3.12.39(SLELP12: two vulnerabilities), linux-3.12.43(SLELP12: two vulnerabilities), linux-3.12.44(SLELP12: two vulnerabilities), and linux-3.12.44(SLELP12: two vulnerabilities). Ubuntuhas updated icedtea-web(15.10, 15.04, 14.04: applet execution) and python-django(15.10, 15.04, 14.04, 12.04: information disclosure).
Security advisories for Wednesday

RAID5 support in the MD driver has been part of mainline Linux since 2.4.0 was released in early 2001. During this time it has been used widely by hobbyists and small installations, but there has been little evidence of any impact on the larger or "enterprise"sites. Anecdotal evidence suggests that such sites are usually happier with so-called "hardware RAID"configurations where a purpose-built computer, whether attached by PCI or fibre channel or similar, is dedicated to managing the array. This situation could begin to change with the 4.4 kernel, which brings some enhancements to the MD driver that should make it more competitive with hardware-RAID controllers.
[$] A journal for MD/RAID5

Debian-LTShas updated openjdk-6(multiple vulnerabilities). Fedorahas updated libsndfile(F22; F21: buffer overflow), mingw-freeimage(F23; F22: integer overflow), rpm(F23: denial of service), wpa_supplicant(F21: denial of service), and zarafa(F21: two vulnerabilities, one from 2012). Oraclehas updated autofs(OL7: privilege escalation), binutils(OL7: multiple vulnerabilities), chrony(OL7: multiple vulnerabilities), cpio(OL7: denial of service), cups-filters(OL7: multiple vulnerabilities), curl(OL7: multiple vulnerabilities), file(OL7: multiple vulnerabilities), grep(OL7: heap buffer overrun), grub2(OL7: Secure Boot circumvention), krb5(OL7: two vulnerabilities), libreport(OL6: data leak), libssh2(OL7: information leak), net-snmp(OL7: denial of service), netcf(OL7: denial of service), ntp(OL7: multiple vulnerabilities), openhpi(OL7: world writable /var/lib/openhpi directory), openldap(OL7: unintended cipher usage), openssh(OL7: two vulnerabilities), python(OL7: multiple vulnerabilities), rest(OL7: denial of service), rubygem-bundler and rubygem-thor(OL7: installs malicious gem files), squid(OL7: certificate validation bypass), unbound(OL7: denial of service), wireshark(OL7: multiple vulnerabilities), and xfsprogs(OL7: information disclosure). Scientific Linuxhas updated libreport(SL6: data leak). SUSEhas updated firefox(SLES10SP4: multiple vulnerabilities).
Security updates for Tuesday

Red Hat has announced the releaseof Red Hat Enterprise Linux 7.2. "New features and capabilities focus on security, networking, and system administration, along with a continued emphasis on enterprise-ready tooling for the development and deployment of Linux container-based applications. In addition, Red Hat Enterprise Linux 7.2 includes compatibility with the new Red Hat Insights, an add-on operational analytics offering designed to increase IT efficiency and reduce downtime through the proactive identification of known risks and technical issues."
Red Hat Enterprise Linux 7.2

Debianhas updated openjdk-7(unspecified vulnerability). Fedorahas updated cyrus-imapd(F21: largely unspecified), gdm(F23: denial of service), jenkins(F23: multiple vulnerabilities), jenkins-remoting(F23: multiple vulnerabilities), kernel(F21: multiple vulnerabilities), libpng(F23: denial of service), m2crypto(F21: denial of service), pdns(F21: denial of service), perl-IPTables-Parse(F21: predictable temporary file names), postgresql(F22: two vulnerabilities), python-rauth(F23: unspecified vulnerability), and xen(F23; F22; F21: denial of service). openSUSEhas updated Chromium(SUSE Package Hub for SLE12; Leap42.1, 13.2, 13.1: information leak), docker(Leap42.1: two vulnerabilities), and miniupnpc(Leap42.1, 13.2, 13.1: code execution). Red Hathas updated abrt, libreport(RHEL7: multiple vulnerabilities), java-1.6.0-ibm(RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm(RHEL5: multiple vulnerabilities), java-1.7.1-ibm(RHEL6,7: multiple vulnerabilities), java-1.8.0-ibm(RHEL7: multiple vulnerabilities), and libreport(RHEL6: data leak).
Security advisories for Monday

Martin Grlin looks at the security of the Plasma desktoprunning under Wayland; it's better than X11, but with some ground yet to cover. "Now imagine you want to write a key logger in a Plasma/Wayland world. How would you do it? I asked myself this question recently, thought about it, found a possible solution and had a key logger in less than 10 minutes: ouch."
Grlin: Looking at the security of Plasma/Wayland

This Libre Graphics World articlelooks at the challenges faced by the 20-year-old GIMP project. "If you've been following GIMP's progress over recent years, you couldn't help yourself noticing the decreasing activity in terms of both commits (a rather lousy metric) and amount of participants (a more sensible one). 'GIMP is dying', say some. 'GIMP developers are slacking', say others. 'You've got to go for crowdfunding' is yet another popular notion. And no matter what, there's always a few whitebearded folks who would blame the team for not going with changes from the FilmGIMP branch. So what's actually going on and what's the outlook for the project?"
GIMP is 20 Years Old, What?s Next? (Libre Graphics World)

The second 4.4 prepatchis out for testing. Linus says: "Things are looking fairly normal in 4.4-land, with no huge surprises in rc2. There were a couple of late features: parisc hugepage support and some late slub bulk allocator patches were not only merged at the end of the week, but they strictly speaking should have been merge window things."
Kernel prepatch 4.4-rc2

Lennart Poettering introduces the sd-event APIfor the implementation of event loops. "sd-event.h, of course, is not the first event loop API around, and it doesn't implement any really novel concepts. When we started working on it we tried to do our homework, and checked the various existing event loop APIs, maybe looking for candidates to adopt instead of doing our own, and to learn about the strengths and weaknesses of the various implementations existing. Ultimately, we found no implementation that could deliver what we needed, or where it would be easy to add the missing bits: as usual in the systemd project, we wanted something that allows us access to all the Linux-specific bits, instead of limiting itself to the least common denominator of UNIX."
Poettering: Introducing sd-event

Debianhas updated lxc(code execution). Debian-LTShas updated nspr(code execution). Mageiahas updated dovecot(M5: denial of service), gcc(M5: predictable random values), kernel(M5: multiple vulnerabilities), latex2rtf(M5: code execution), libpng/libpng12(M5: denial of service), and uglify-js(M5: malicious code obfuscation). openSUSEhas updated krb5(13.1, 13.2: memory corruption) and libksba(13.1, 13.2: denial of service). Red Hathas updated autofs(RHEL7: privilege escalation), binutils(RHEL7: multiple vulnerabilities), chrony(RHEL7: multiple vulnerabilities), cpio(RHEL7: code execution), cups-filters(RHEL7: multiple vulnerabilities), curl(RHEL7: multiple vulnerabilities), file(RHEL7: multiple vulnerabilities), glibc(RHEL7: multiple vulnerabilities; RHEL7: privilege escalation), grep(RHEL7: heap buffer overrun), grub2(RHEL7: Secure Boot circumvention), kernel(RHEL7: multiple vulnerabilities), kernel-rt(RHEL7: multiple vulnerabilities), krb5(RHEL7: multiple vulnerabilities), libssh2(RHEL7: denial of service), net-snmp(RHEL7: denial of service), netcf(RHEL7: denial of service), NetworkManager(RHEL7: multiple vulnerabilities), ntp(RHEL7: multiple vulnerabilities), openhpi(RHEL7: world writable /var/lib/openhpi directory), openldap(RHEL7: unintended cipher usage), openssh(RHEL7: multiple vulnerabilities), pacemaker(RHEL7: privilege escalation), pcs(RHEL7: denial of service), python(RHEL7: multiple vulnerabilities), realmd(RHEL7: unsanitized input), rest(RHEL7: denial of service), rubygem-bundler, rubygem-thor(RHEL7: code execution), squid(RHEL7: certificate validation bypass), sssd(RHEL7: memory leak), tigervnc(RHEL7: multiple vulnerabilities), unbound(RHEL7: denial of service), wireshark(RHEL7: multiple vulnerabilities), and xfsprogs(RHEL7: information leak). Ubuntuhas updated libpng(multiple vulnerabilities).
Friday's security updates

Matthew Garrett continues his campaignagainst Canonical's "intellectual property rights policy". "The reality is that if Debian had had an identical policy in 2004, Ubuntu wouldn't exist. The effort required to strip all Debian trademarks from the source packages would have been immense, and this would have had to be repeated for every release. While this policy is in place, nobody's going to be able to take Ubuntu and build something better."
Garrett: If it's not practical to redistribute free software, it's not free software in practice

The Pitivi 0.95 releaseis out, bringing a lot of changes to this longstanding video editor project. "This one packs a lot of bugfixes and architectural work to further stabilize the GES backend. In this blog post, I?ll give you an overview of the new and interesting stuff this release brings, coming out from a year of hard work. It?s pretty epic and you?re in for a few surprises, so I suggest listening to this song while you?re reading this blog post."
Pitivi 0.95 released

The "Detectify Labs"site has put up a lengthy analysisof the user tracking taking place in many Chrome browser extensions. "Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed."At the end they note that the situation with Firefox is not a whole lot better.
Detectify: Chrome Extensions ? AKA Total Absence of Privacy

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4860 Remote Security Vulnerability

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4911 Remote Security Vulnerability

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4903 Remote Security Vulnerability

[SECURITY] [DSA 3407-1] dpkg security update
Bugtraq: [SECURITY] [DSA 3407-1] dpkg security update

[SECURITY] [DSA 3406-1] nspr security update
Bugtraq: [SECURITY] [DSA 3406-1] nspr security update

[SECURITY] [DSA 3405-1] smokeping security update
Bugtraq: [SECURITY] [DSA 3405-1] smokeping security update

[SECURITY] [DSA 3404-1] python-django security update
Bugtraq: [SECURITY] [DSA 3404-1] python-django security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus