Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Open-source font developer Vernon Adams has passed awayin California at the age of 49. [Vernon Adams]In 2014, Adams was injured in an automobile collision, sustaining serious trauma from which he never fully recovered. Perhaps best known within the Linux community as the creator of KDE's user-interface font Oxygen, Adams created a total of 51 font familiespublished through Google Fonts, all under open licenses. He was also active in a number of related free-software projects, including FontForge, Metapolator, and the Open Font Library. In 2012, he co-authored the user's guide for FontForge as part of Google's Summer of Code Documentation Camp, which we reported onat that time. Speaking personally, Vernon was always quick to offer encouragement and assistance to newcomers—regardless of their experience with type design, FontForge, or free software in general. There were also few people who put as much energy into improving the usability of free-software design tools as he did. In addition, he was a constant advocate for free-software principles in the world of fonts—not just on development lists and at libre graphics conferences, but on type forums as well, where "open source"did not automatically garner a warm reception. The tagline on his web sitewas "fonts for everyone,"and he meant it. He'll be missed.
Remembering Vernon Adams

Arch Linuxhas updated wireshark-cli(multiple vulnerabilities). Debianhas updated mupdf(two denial of service flaws). Debian-LTShas updated eog(out-of-bounds write), quagga(two vulnerabilities), ruby-actionpack-3.2(multiple vulnerabilities), and ruby-activesupport-3.2(denial of service). Fedorahas updated lcms2(F24: heap memory leak), uClibc(F24: code execution), and webkitgtk4(F24: multiple vulnerabilities). openSUSEhas updated Firefox(13.1: buffer overflow), firefox, nss(Leap42.1, 13.2: buffer overflow), phpMyAdmin(Leap42.1, 13.2; 13.1: multiple vulnerabilities), and typo3-cms-4_5(Leap42.1, 13.2: three vulnerabilities). Oraclehas updated java-1.6.0-openjdk(OL7; OL6; OL5: multiple vulnerabilities) and kernel 4.1.12(OL7; OL6: multiple vulnerabilities).
Security advisories for Monday

Hanno Böck performed some fuzz testing on the dpkg and RPM package managers and reported the results; it seems that one of the projects has been rather more responsive than the otherin fixing these issues. "The development process of RPM seems to be totally chaotic, it's neither clear where one reports bugs nor where one gets the latest code and security bugs don't get fixed within a reasonable time. There's been some recent events that make me feel especially worried about this..."It seems that some of the maintenance issues with RPM may not have improved greatly since they were reported hereten years ago.
Böck: Multiple vulnerabilities in RPM ? and a rant

The 4.8-rc4kernel prepatch is out. "Everything looks normal, and it's been a bit quieter than rc3 too, so hopefully we're well into the "it's calming down"phase. Although with the usual timing-related fluctuation (different maintainers stagger their pulls differently), it's hard to tell a trend yet."
Kernel prepatch 4.8-rc4

While distribution-hopping is common among newcomers to Linux, longtime users tend to settle into a distribution they like and stay put thereafter. In the end, Linux distributions are more alike than different, and one's time is better spent getting real work done rather than looking for a shinier version of the operating system. Your editor, however, somehow never got that memo; that's what comes from ignoring Twitter, perhaps. So there is a new distribution on the main desktop machine; this time around it's openSUSE Tumbleweed.
[$] Trying out openSUSE Tumbleweed

Nextcloud 10 has been releasedwith new features for system administrators to control and direct the flow of data between users on a Nextcloud server. "Rule based file tagging and responding to these tags as well as other triggers like physical location, user group, file properties and request type enables administrators to specifically deny access to, convert, delete or retain data following business or legal requirements. Monitoring, security, performance and usability improvements complement this release, enabling larger and more efficient Nextcloud installations."
Nextcloud 10 released

The Maru OS handset distribution that includes an Ubuntu desktop (reviewed herein April) is finally available in source form. "If you're interested in contributing in general, please check out the project's GitHub (, get up and running with the developer guide (, and join the developer group (!forum/maru-os-dev)"
The long-awaited Maru OS source release

Arch Linuxhas updated mediawiki(multiple vulnerabilities). CentOShas updated java-1.6.0-openjdk(C7; C6; C5: multiple vulnerabilities). Debianhas updated flex(code execution), imagemagick(multiple vulnerabilities), quagga(two vulnerabilities), and rails(cross-site scripting). Fedorahas updated gnupg(F24: flawed random number generation), openvpn(F24: information disclosure), and rubygem-actionview(F24; F23: cross-site scripting). Red Hathas updated java-1.6.0-openjdk(RHEL5,6,7: multiple vulnerabilities). Scientific Linuxhas updated java-1.6.0-openjdk(SL5,6,7: multiple vulnerabilities).
Security advisories for Friday

Version 1.1.0 of the OpenSSL TLS library is available. A list of changes can be found on this page; they include a new threading API, a number of new algorithms and the removal of a number of older ones, pipelining(parallel processing) support, extended master secretsupport, and more.
OpenSSL 1.1.0 released

Lubomir Rintel takes a lookat new features in NetworkManager 1.4. "It is now possible to randomize the MAC address of Ethernet devices to mitigate possibility of tracking. The users can choose between different policies; use a completely random address, or just use different addresses in different networks. For Wi-Fi devices, the same randomization modes are now supported and does no longer require support from wpa-supplicant."Also a newly added API for using configuration snapshots that automatically roll back after a timeout, IPv6 tokenized interface identifiers can be configured, new features in nmcli, and more are covered. (Thanks to Paul Wise)
Rintel: NetworkManager 1.4: with better privacy and easier to use

Fedorahas updated eog(F23: out-of-bounds write). openSUSEhas updated ImageMagick(Leap42.1: three vulnerabilities). Red Hathas updated qemu-kvm-rhev(RHOSP9: two vulnerabilities) and Red Hat OpenShift Enterprise 2.2.10(RHOSE: multiple vulnerabilities). Ubuntuhas updated eog(out-of-bounds write), harfbuzz(16.04, 14.04: two vulnerabilities), and libidn(multiple vulnerabilities).
Thursday's security updates

The Weekly Edition for August 25, 2016 is available.
[$] Weekly Edition for August 25, 2016

On August 25, 1991, an obscure student in Finland named Linus Benedict Torvalds posted a messageto the comp.os.minix Usenet newsgroup saying that he was working on a free operating system as a project to learn about the x86 architecture. He cannot possibly have known that he was launching a project that would change the computing industry in fundamental ways. Twenty-five years later, it is fair to say that none of us foresaw where Linux would go ? a lesson that should be taken to heart when trying to imagine where it might go from here.
[$] 25 Years of Linux ? so far

The Gentoo community is mourning the loss of Jonathan Portnoy. "Jon was an active member of the International Gentoo community, almost since its founding in 1999. He was still active until his last day. His passing has struck us deeply and with disbelief. We all remember him as a vivid and enjoyable person, easy to reach out to and energetic in all his endeavors."
In Memory of Jonathan ?avenj? Portnoy

CentOShas updated kernel(C6: TCP injection). Debian-LTShas updated libgcrypt11(flawed random number generation). Fedorahas updated eog(F24: out-of-bounds write), kernel(F23: use-after-free), mariadb(F23: multiple vulnerabilities), mingw-lcms2(F24: heap memory leak), postgresql(F23: multiple vulnerabilities), and python(F23: proxy injection). openSUSEhas updated libidn(Leap 42.1: multiple vulnerabilities) and kernel(13.2: multiple vulnerabilities). Oraclehas updated kernel(O6: TCP injection). Red Hathas updated kernel(RHEL 7.1: multiple vulnerabilities; RHEL6: TCP injection) and qemu-kvm-rhev(RHOSP8: multiple vulnerabilities). Scientific Linuxhas updated kernel(SL6: TCP injection). Slackwarehas updated gnupg(flawed random number generation), kernel(14.2: TCP injection), and libgcrypt(flawed random number generation).
Wednesday's security updates

file 'readelf.c' Out-of-Bounds Read Vulnerability
Vuln: file 'readelf.c' Out-of-Bounds Read Vulnerability

OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability
Vuln: OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability

PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
Vuln: PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability

file 'src/readelf.c' Denial of Service Vulnerability
Vuln: file 'src/readelf.c' Denial of Service Vulnerability

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Bugtraq: Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2

[SECURITY] [DSA 3654-1] quagga security update
Bugtraq: [SECURITY] [DSA 3654-1] quagga security update

Necroscan <= v0.9.1 Buffer Overflow
Bugtraq: Necroscan

[SECURITY] [DSA 3652-1] imagemagick security update
Bugtraq: [SECURITY] [DSA 3652-1] imagemagick security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus