Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Stable kernels 4.17.7, 4.14.56, 4.9.113, and 4.4.141have been released. The 4.17.7 kernel is broken for i386 systems. "I did this release anyway with this known problem as there is a fix in here for x86-64 systems that was nasty to track down and was affecting people. Given that the huge majority of systems are NOT i386, I felt this was a safe release to do at this point in time."Beyond that, these kernels all contain the usual set of important fixes.
Stable kernel updates

Security updates have been issued by Arch Linux(thunderbird), Debian(ruby-rack-protection), Fedora(firefox and soundtouch), Red Hat(kernel), Scientific Linux(gnupg2), SUSE(perl and python-paramiko), and Ubuntu(policykit-1).
Security updates for Tuesday

The recent announcement by Guido van Rossumthat he was stepping away from his "benevolent dictator for life"(BDFL) role for Python was met with some surprise, but not much shock, at least in the core-developer community. Van Rossum has been telegraphing some kind of change, at some unspecified point, for several years now, though the proximate cause (the "PEP 572 mess") is unfortunate. In the meantime, though, the project needs to figure out how to govern itself moving forward?Van Rossum did not appoint a successor and has left the governance question up to the core developers.
[$] Python post-Guido

Security updates have been issued by CentOS(firefox, gnupg2, kernel, python, and qemu-kvm), Debian(389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora(glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia(cantata and flash-player-plugin), openSUSE(exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE(kernel-azure and openssl).
Security updates for Monday

The 4.18-rc5kernel prepatch has been released. "For some reason this week actually felt very busy, but the rc5 numbers show otherwise. It's all small and calm, and things are progressing nicely."
Kernel prepatch 4.18-rc5

All underutilized systems are essentially the same, but each overutilized system tends to be overloaded in its own way. If one's goal is to maximize the use of the available computing resources, overutilization tends not to be too far away, but when it happens, it can be hard to tell where the problem is. Sometimes, even the fact that there is a problem at all is not immediately apparent. The pressure-stall information patch setfrom Johannes Weiner may make life easier for system administrators by exposing more information about the real utilization state of the system.
[$] Tracking pressure-stall information

Security updates have been issued by Debian(cinnamon), Fedora(docker, firefox, jetty, and knot-resolver), Oracle(gnupg2), Scientific Linux(gnupg2), SUSE(gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu(dns-root-data, dnsmasq, and thunderbird).
Security updates for Friday

Python creator and Benevolent Dictator for Life Guido van Rossum has decided, in the wake of the difficult PEP 572 discussion, to step down from his leadership of the project. "Now that PEP 572 is done, I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions. I would like to remove myself entirely from the decision process. I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available. But I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own."
Guido van Rossum resigns as Python leader

Mounting filesystems is a complicated business. The kernel supports a wide variety of filesystem types, and each has its own, often extensive set of options. As a result, the mount()system callis complex, and the list of mount optionsis a rather long read. But even with all of that complexity, mount()does not do everything that users would like. For example, the options for a mount operation must all fit within a single 4096-byte page ? the fact that this is a problem for some users is illustrative in its own right. The problems with mount()have come up at various meetings, including at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set of patchesimplementing a new approach is getting closer to being ready, but it features some complexity of its own and there are some remaining concerns about the proposed system-call API.
[$] Six (or seven) new system calls for filesystem mounting

Security updates have been issued by Arch Linux(qutebrowser), CentOS(firefox), Debian(ruby-sprockets), Fedora(botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia(chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE(nextcloud), Oracle(gnupg2), Red Hat(flash-plugin, gnupg2, and kernel), Slackware(bind and curl), SUSE(java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu(cups, libpng, and libpng, libpng1.6).
Security updates for Thursday

The Weekly Edition for July 12, 2018 is available.
[$] Weekly Edition for July 12, 2018

The compromiseof the Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefullyto the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo?even if the distribution's owninfrastructure were to be compromised.
[$] Signing and distributing Gentoo

Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain important fixes and users should upgrade.
A set of stable kernel updates

A recent query about the status of network security (TLS settings in particular) in Emacs led to a long thread in the emacs-devel mailing list. That thread touched on a number of different areas, including using OpenSSL (or other TLS libraries) rather than GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could change for Emacs so as not to discombobulate users. The latter issue is one that lots of projects struggle with: what kinds of changes are appropriate for a bug-fix release versus a feature release. For Emacs, its lengthy development cycle, coupled with the perceived urgency of security changes, makes that question even more difficult.
[$] Emacs &TLS

Security updates have been issued by Debian(cups), Oracle(kernel and qemu-kvm), Red Hat(ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux(kernel and qemu-kvm), Slackware(thunderbird), and Ubuntu(curl, firefox, imagemagick, and xapian-core).
Security updates for Wednesday

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
Vuln: Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities

Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability
Vuln: Oracle PeopleSoft Enterprise CS Financial Aid CVE-2018-3076 Remote Security Vulnerability

Oracle iLearning CVE-2018-2989 Remote Security Vulnerability
Vuln: Oracle iLearning CVE-2018-2989 Remote Security Vulnerability

Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities
Vuln: Oracle Sun ZFS Storage Appliance Kit (AK) Multiple Local Security Vulnerabilities

[SECURITY] [DSA 4250-1] wordpress security update
Bugtraq: [SECURITY] [DSA 4250-1] wordpress security update

[slackware-security] mutt (SSA:2018-198-01)
Bugtraq: [slackware-security] mutt (SSA:2018-198-01)

[SECURITY] [DSA 4249-1] ffmpeg security update
Bugtraq: [SECURITY] [DSA 4249-1] ffmpeg security update

[SECURITY] [DSA 4248-1] blender security update
Bugtraq: [SECURITY] [DSA 4248-1] blender security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus