Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Version 3.2of the Qubes OS distribution is available. "This is an incremental improvement over the 3.1 version that we released earlier this year. A lot of work went into making this release more polished, more stable and easier to use than our previous releases."Changes include a new management infrastructure, the ability to assign individual USB devices to virtual machines and a switch to the Xfce4 desktop. See the release notesfor details.
Qubes OS 3.2 released

The PostgreSQL 9.6 release is available. "This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features."See the announcement text and the release notesfor more information.
PostgreSQL 9.6 released

The Weekly Edition for September 29, 2016 is available.
[$] Weekly Edition for September 29, 2016

Ana Guerrero Lopez sadly reports that Kristoffer H. Rose died on September 17. "Kristoffer was a Debian contributor from the very early days of the project, and the upstream author of several packages that are still in the Debian archive nowadays, such as the LaTeX package Xy-pic and FlexML. On his return to the project after several years' absence, many of us had the pleasure of meeting Kristoffer during DebConf15 in Heidelberg. The Debian Project honours his good work and strong dedication to Debian and Free Software. Kristoffer's broad technical knowledge and his ability to share that knowledge with others will be missed. The contributions of Kristoffer will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others."
Debian Project mourns the loss of Kristoffer H. Rose

Arch Linuxhas updated bind(denial of service), lib32-openssl(denial of service), and openssl(denial of service). Debianhas updated bind9(two denial of service flaws). Fedorahas updated jansson(F24; F23: denial of service) and openssl(F24: multiple vulnerabilities). Mageiahas updated autotrace(code execution), firefox/rootcerts/nss(multiple vulnerabilities), gnutls(certificate verification bypass), graphicsmagick(multiple vulnerabilities), pdns(three denial of service flaws), thunderbird(multiple vulnerabilities), wget(two vulnerabilities), and zookeeper(buffer overflow). openSUSEhas updated bind(Leap42.1, 13.2: denial of service), freerdp(Leap42.1; 13.2: two vulnerabilities), and openssl(Leap42.1: multiple vulnerabilities). Oraclehas updated kvm(OL5: two vulnerabilities) and openssl(OL7; OL6: multiple vulnerabilities). Red Hathas updated bind(RHEL5,6,7: denial of service), bind97(RHEL5: denial of service), kernel(RHEL6.6: information leak), and kvm(RHEL5: two vulnerabilities). Slackwarehas updated bind(denial of service). SUSEhas updated bind(SLE12-SP1; SLES12; SOSC5, SMP2.1, SM2.1, SLE11-SP4: denial of service), mariadb(SLE12-SP1; SLES12: SQL injection/privilege escalation), openssl(SLE12-SP1: multiple vulnerabilities), and php5(SLESDK12-SP1, SLEM12: multiple vulnerabilities). Ubuntuhas updated bind9(denial of service) and Pillow(14.04: multiple vulnerabilities).
Security advisories for Wednesday

Ari Jaaksi and David Bryant posted a noteto the B2G (Boot to Gecko) OS community looking at the end of Firefox OS development and at what happens to the code base going forward. "In the spring and summer of 2016 the Connected Devices team dug deeper into opportunities for Firefox OS. They concluded that Firefox OS TV was a project to be run by our commercial partner and not a project to be led by Mozilla. Further, Firefox OS was determined to not be sufficiently useful for ongoing Connected Devices work to justify the effort to maintain it. This meant that development of the Firefox OS stack was no longer a part of Connected Devices, or Mozilla at all. Firefox OS 2.6 would be the last release from Mozilla. Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla?s Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch."(Thanks to Paul Wise)
Firefox OS, B2G OS, and Gecko

Arch Linuxhas updated gnutls(certificate verification bypass), lib32-gnutls(certificate verification bypass), lib32-openssl(multiple vulnerabilities), openssl(multiple vulnerabilities), and wireshark-cli(multiple vulnerabilities). Debianhas updated jackrabbit(cross-site request forgery) and python-django(cross-site request forgery). Debian-LTShas updated firefox-esr(multiple vulnerabilities). Fedorahas updated community-mysql(F24: SQL injection/privilege escalation). openSUSEhas updated firefox, nss(13.1: multiple vulnerabilities) and openssl(13.2: multiple vulnerabilities). Red Hathas updated openssl(RHEL6,7: multiple vulnerabilities). Slackwarehas updated openssl(denial of service). SUSEhas updated openssl(SLES12: multiple vulnerabilities). Ubuntuhas updated python-django(cross-site request forgery).
Tuesday's security updates

Some time ago, we published a pair of articlesabout systemd programming that extolled the value of providing high-quality unit files in upstream packages. The hope was that all distributions would use them and that problems could be fixed centrally rather than each distribution fixing its own problems independently. Now, 30 months later, it seems like a good time to see how well that worked out for nfs-utils, the focus of much of that discussion. Did distributors benefit from upstream unit files, and what sort of problems were encountered?
[$] Systemd programming, 30 months later

KDE e.V. introducesthe KDE Advisory Board. "One of the core goals of the Advisory Board is to provide KDE with insights into the needs of the various organizations that surround us. We are very aware that we need the ability to combine our efforts for greater impact and the only way we can do that is by adopting a more diverse view from outside of our organization on topics that are relevant to us. This will allow all of us to benefit from one another's experience."
Announcing the KDE Advisory Board

Debianhas updated imagemagick(code execution), libarchive(three vulnerabilities), openssl(regression in previous update), and unadf(two vulnerabilities). Debian-LTShas updated dropbear(two vulnerabilities), dwarfutils(two vulnerabilities), mactelnet(code execution), openssl(multiple vulnerabilities), and policycoreutils(sandbox escape). Fedorahas updated bash(F24; F23: code execution) and firefox(F24; F23: multiple vulnerabilities). Gentoohas updated bundler(installs malicious gem files) and qemu(multiple vulnerabilities). Mageiahas updated gdk-pixbuf2.0(denial of service), golang(denial of service), libarchive(file overwrite), libtorrent-rasterbar(denial of service), php(multiple vulnerabilities), and wireshark(multiple vulnerabilities). openSUSEhas updated curl(Leap42.1: multiple vulnerabilities), flash-player(13.1: multiple vulnerabilities), gd(Leap42.1: multiple vulnerabilities), gtk2(Leap42.1; 13.2: code execution), firefox, nss(Leap42.1, 13.2: multiple vulnerabilities), samba(Leap42.1: crypto downgrade), thunderbird(13.1: multiple vulnerabilities), tiff(13.1: multiple vulnerabilities), and wpa_supplicant(Leap42.1: multiple vulnerabilities). Slackwarehas updated php(multiple vulnerabilities). Ubuntuhas updated openssl(regression in previous update).
Security advisories for Monday

This OpenSSL security advisoryis notable in that it's the second one in four days; sites that updated after the first one may need to do so again. "This security update addresses issues that were caused by patches included in our previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws we have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide our usual public pre-notification."
OpenSSL security advisory for September 26

The 4.8-rc8kernel prepatch is out. "Things actually did start to calm down this week, but I didn't get the feeling that there was no point in doing one final rc, so here we are. I expect the final 4.8 release next weekend, unless something really unexpected comes up."
Kernel prepatch 4.8-rc8

Evan Prodromou, creator of identi.caand, has put a call out for interested parties to adopt the administrationof public microblogging servers, which he is currently funding out of his own pocket. "Almost all of them are on $5/month Digital Ocean droplets, which makes them relatively cheap for a single person to support. If you decide you want to adopt a server, E14N will sell you the domain and all the software and data for $1. But you'll be obligated to keep the server running for at least a year, and if you decide you don't want to run it, you have to sell it back to me."There are currently around 25 servers in the federated network initially started by Prodromou, which does not count other instances. He notes that one important exception is the site, which is significantly larger than the rest, and which he would like to find a trusted non-profit organization to maintain.
Prodromou: Adopt a server

The 4.7.5and 4.4.22stable kernel updates are available. These are relatively large updates containing the usual important fixes.
Stable kernel updates 4.7.5 and 4.4.22

At his blog, Kyle E. Mitchell ("who is not your attorney") takes a close, line-by-line readingof the popular MITsoftware license. The details he points out begin on line one with the license's title: "'The MIT License' is a not a single license, but a family of license forms derived from language prepared for releases from the Massachusetts Institute of Technology. It has seen a lot of changes over the years, both for the original projects that used it, and also as a model for other projects. The Fedora Project maintains a kind of cabinet of MIT license curiosities, with insipid variations preserved in plain text like anatomical specimens in formaldehyde, tracing a wayward kind of evolution."Despite the license being only 171 words, Mitchell finds quite a bit to expand on, such as the ambiguities of the phrase "to deal in the Software without restriction": "As a result of this mishmash of legal, industry, general-intellectual-property, and general-use terms, it isn?t clear whether The MIT License includes a patent license. The general language 'deal in' and some of the example verbs, especially 'use', point toward a patent license, albeit a very unclear one. The fact that the license comes from the copyright holder, who may or may not have patent rights in inventions in the software, as well as most of the example verbs and the definition of 'the Software' itself, all point strongly toward a copyright license."Nevertheless, Mitchell notes, "despite some crusty verbiage and lawyerly affectation, one hundred and seventy one little words can get a hell of a lot of legal work done."
Mitchell: The MIT License, Line by Line

RETIRED: FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
Vuln: RETIRED: FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability

Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities
Vuln: Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities

FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
Vuln: FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability

libgd 'gd_webp.c' Integer Overflow Vulnerability
Vuln: libgd 'gd_webp.c' Integer Overflow Vulnerability

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification
Bugtraq: [security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
Bugtraq: Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus