Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The Weekly Edition for May 5, 2016 is available.
[$] Weekly Edition for May 5, 2016

Greg Kroah-Hartman has released stable kernels 4.5.3, 4.4.9, and 3.14.68. All contain important fixes throughout the tree.
New stable kernels

One aspect of the heavily hyped Internet of Things (IoT) that can easily get overlooked is that each of the Things one hooks up to the Internet invariably spews out a near non-stop stream of data. While commercial IoT users—such as utility companies—generally have a well-established grasp of what data interests them and how to process it, the DIY crowd is better served by flexible tools that make exploring and transforming data easy. Airbnb maintains an open-source Python utility called Caravel that provides such tools. There are many alternatives, of course, but Caravel does a good job at ingesting data and smoothly molding it into nice-looking interactive graphs—with a few exceptions.
[$] Caravel data visualization

Arch Linux has updated imlib2 (multiple vulnerabilities), jasper (multiple vulnerabilities), lib32-openssl (multiple vulnerabilities), and openssl (multiple vulnerabilities). CentOS has updated kernel (C6: two vulnerabilities). Debian has updated openssl (multiple vulnerabilities). Debian-LTS has updated asterisk (multiple vulnerabilities), extplorer (cross-site scripting), minissdpd (denial of service), and openssl (multiple vulnerabilities). Fedora has updated cacti (F23; F22: three vulnerabilities). openSUSE has updated Chromium (SPH for SLE12; Leap42.1; 13.2: multiple vulnerabilities), giflib (Leap42.1: denial of service), java-1_7_0-openjdk (13.2: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), jq (Leap42.1; 13.2: heap buffer overflow), libgcrypt (Leap42.1: key leak), firefox, nss (Leap42.1, 13.2: multiple vulnerabilities), wireshark (Leap42.1, 13.2: multiple vulnerabilities), xerces-j2 (13.2: denial of service), and yast2-users (Leap42.1: empty passwords fields in /etc/shadow). Oracle has updated kernel (OL6: two vulnerabilities). Red Hat has updated java-1.8.0-ibm (RHEL7: multiple vulnerabilities), jenkins (RHOSE3.1: multiple vulnerabilities), and kernel (RHEL6: two vulnerabilities). Scientific Linux has updated kernel (SL6: two vulnerabilities). Slackware has updated openssl (multiple vulnerabilities). SUSE has updated openssl (SLE12: multiple vulnerabilities), openssl1 (SLES11: multiple vulnerabilities), and kernel (SLE11-SP3, SOSC5, SMP2.1: multiple vulnerabilities).
Security advisories for Wednesday

The interfaces supported by Linux to provide access to information about processes and files have literally been around for decades. One might think that, by this time, they would have reached a state of relative perfection. But things are not so perfect that developers are deterred from working on alternatives; the motivating factor in the two cases studied here is the same: reducing the cost of getting information out of the kernel while increasing the range of information that is available. Click below (subscribers only) for the full article from this week's Kernel Page.
[$] task_diag and statx()

Mercurial revision-control system developer Mathias De Maré summarizes the changes in the 3.7 and 3.8 releases. "Mercurial 3.7 had a major focus on performance. This is - to a large degree - due to large users like Facebook and Mozilla working on both performance and scalability."
De Maré: Mercurial 3.7 and 3.8

The Linux Embedded Development Environment (or LEDE) project, a fork (or "spinoff") of OpenWrt, has announced its existence. "We are building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. [...] Members of the project already include a significant share of the most active members of the OpenWrt community. We intend to bring new life to Embedded Linux development by creating a community with a strong focus on transparency, collaboration and decentralisation." The new project lives at (Thanks to Mattias Mattsson).
The Linux Embedded Development Environment launches

Over at the grsecurity forums, Brad Spengler writes about a recently released proof of concept attack on the kernel using JIT spraying. "What happened next was the hardening of the BPF interpreter in grsecurity to prevent such future abuse: the previously-abused arbitrary read/write from the interpreter was now restricted only to the interpreter buffer itself, and the previous warn on invalid BPF instructions was turned into a BUG() to terminate execution of the exploit. I also then developed GRKERNSEC_KSTACKOVERFLOW which killed off the stack overflow class of vulns on x64. A short time later, there was work being done upstream to extend the use of BPF in the kernel. This new version was called eBPF and it came with a vastly expanded JIT. I immediately saw problems with this new version and noticed that it would be much more difficult to protect -- verification was being done against a writable buffer and then translated into another writable buffer in the extended BPF language. This new language allowed not just arbitrary read and write, but arbitrary function calling." The protections in the grsecurity kernel will thus prevent this attack. In addition, the newly released RAP feature for grsecurity, which targets the elimination of return-oriented programming (ROP) vulnerabilities in the kernel, will also ensure that "the fear of JIT spraying goes away completely", he said.
Linux Kernel BPF JIT Spraying (grsecurity forums)

Debian-LTS has updated openjdk-7 (multiple vulnerabilities) and smarty3 (code execution). Fedora has updated php (F23: multiple vulnerabilities). Gentoo has updated git (multiple vulnerabilities). Oracle has updated mercurial (OL7: two vulnerabilities). Scientific Linux has updated mercurial (SL7: two vulnerabilities). Slackware has updated mercurial (code execution). Ubuntu has updated libtasn1-3, libtasn1-6 (15.10, 14.04, 12.04: denial of service), libtasn1-6 (16.04: denial of service), openssl (multiple vulnerabilities), poppler (15.10, 14.04, 12.04: multiple vulnerabilities), and firefox (12.04: denial of service).
Security advisories for Tuesday

The Android security bulletin for May is available. It lists 40 different CVE numbers addressed by the May over-the-air update; the bulk of those are at a severity level of "high" or above. "Partners were notified about the issues described in the bulletin on April 04, 2016 or earlier. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours. We will revise this bulletin with the AOSP links when they are available. The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files."
May Android security bulletin

The International Day Against DRM is May 3. "Participate in person at one of the planned events, or join us Tuesday on for ways to take action against DRM. There will also be a list of discounted ebook offerings from stores participating in the Day."
Intl. Day Against DRM is Tuesday

Arch Linux has updated firefox (multiple vulnerabilities). CentOS has updated mercurial (C7: two vulnerabilities). Debian has updated botan1.10 (multiple vulnerabilities), chromium-browser (multiple vulnerabilities), poppler (code execution), and tardiff (two vulnerabilities). Debian-LTS has updated botan1.10 (multiple vulnerabilities), gdk-pixbuf (two vulnerabilities), mysql-5.5 (multiple vulnerabilities), poppler (code execution), and subversion (two vulnerabilities). Fedora has updated ansible (F23; F22: code execution), firefox (F23: multiple vulnerabilities), gd (F23: code execution), openvas-cli (F23: cross-site scripting), openvas-gsa (F23: cross-site scripting), openvas-libraries (F23: cross-site scripting), openvas-manager (F23: cross-site scripting), openvas-scanner (F23: cross-site scripting), roundcubemail (F23; F22: multiple vulnerabilities), and xen (F23; F22: multiple vulnerabilities). Mageia has updated chromium-browser-stable (multiple vulnerabilities), firefox (multiple vulnerabilities), pgpdump (denial of service), php (multiple vulnerabilities), php-ZendFramework (multiple vulnerabilities), and roundcubemail (three vulnerabilities). Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), java-1.7.1-ibm (RHEL7: multiple vulnerabilities), mercurial (RHEL7: two vulnerabilities), and rh-mysql56-mysql (RHSCL: multiple vulnerabilities). Slackware has updated ntp (multiple vulnerabilities), php (multiple vulnerabilities), and subversion (two vulnerabilities). Ubuntu has updated ubuntu-core-launcher (16.04: code execution).
Security updates for Monday

The "linux-insides" series of articles has gained an overview of inline assembly in GCC. "I've decided to write this to consolidate my knowledge related to inline assembly here. As inline assembly statements are quite common in the Linux kernel and we may see them in linux-insides parts sometimes, I thought that it would be useful if we would have a special part which contains descriptions of the more important aspects of inline assembly. Of course you may find comprehensive information about inline assembly in the official documentation, but I like the rules all in one place."
A guide to inline assembly code in GCC

The 4.6-rc6 kernel prepatch is out. Linus says: "Things continue to be fairly calm, although I'm pretty sure I'll still do an rc7 in this series." As of this prepatch the code name has been changed to "Charred Weasel."
Kernel prepatch 4.6-rc6

The Devuan community has finally gotten a beta release out for testing. "Debian GNU+Linux [sic] is a fork of Debian without systemd, on its way to become much more than that. This Beta release marks an important milestone towards the sustainability and the continuation of Devuan as an universal base distribution."
Devuan Jessie beta released

Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

Bugtraq: [SECURITY] [DSA 3569-1] openafs security update

Bugtraq: [SECURITY] [DSA 3568-1] libtasn1-6 security update

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:17.openssl

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
