Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Ars technica is carrying an editorial from Oracle's attorneyin its fight with Google; it would seem that this ruling is the end of the world. "It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy."
Oracle attorney says Google?s court victory might kill the GPL (ars technica)

At its blog, the Open Source Initiative (OSI) announcesthe deployment of "a machine readable publication of OSI approved licenses"accessible via The service is designed to "store a central list of crosswalks and common identifiers to other services, allowing third parties who are already license-aware to provide their mappings, and pull OSI approval status programatically."Programs can query a license by its Software Package Data Exchange(SPDX) ID and determine whether or not it is OSI-approved. API wrappers are available for Python, Ruby, and Go.
OSI: Announcing the Open Source License API

Arch Linuxhas updated libxml2(multiple vulnerabilities). Debianhas updated libgd2(multiple vulnerabilities). Fedorahas updated jenkins(F23; F22: multiple vulnerabilities). openSUSEhas updated docker(13.2: privilege escalation), libreoffice(13.2: multiple vulnerabilities), ntp(13.2: multiple vulnerabilities), and systemd(Leap 42.1: multiple vulnerabilities). Ubuntuhas updated eglibc, glibc(12.04, 14.04, 15.10: multiple vulnerabilities; regression).
Friday's security updates

Worth a read: this paper [PDF]From Kaiyuan Yang et al. on how an analog back door can be placed into a hardware platform like a CPU. "In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting [sic] a chip?s functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for our processor."
Analog malicious hardware

Ars technica reportsthat Google has prevailed against Oracle in its court battle over the use of the Java APIs in Android. "There was only one question on the special verdict form, asking if Google's use of the Java APIs was a 'fair use' under copyright law. The jury unanimously answered 'yes,' in Google's favor. The verdict ends the trial, which began earlier this month."
Google beats Oracle?Android makes ?fair use? of Java APIs (ars technica)

Debian-LTShas updated bozohttpd(two vulnerabilities, one from 2014), ruby-mail(SMTP injection), and xymon(multiple vulnerabilities). Also, the Debian-LTS team has announcedthat some packages will not be supported (libv8, mediawiki, sogo, and vlc) for Debian 7 ("wheezy"), so users of those should upgrade to Debian 8 ("jessie"). Red Hathas updated rh-mariadb100-mariadb(RHSC: many vulnerabilities). Ubuntuhas updated eglibc, glibc(15.10, 14.04, 12.04: multiple vulnerabilities, some from 2013 and 2014) and samba(16.04, 15.10, 14.04: regression in previous security fix).
Security updates for Thursday

The Weekly Edition for May 26, 2016 is available.
[$] Weekly Edition for May 26, 2016

Arch Linuxhas updated libndp(man-in-the-middle attacks). Fedorahas updated kernel(F22: multiple vulnerabilities). Red Hathas updated jq(RHOSP8: code execution). Slackwarehas updated libarchive(code execution). Ubuntuhas updated php5, php7.0(multiple vulnerabilities).
Security advisories for Wednesday

By all accounts, the Internet's transition to IPv6 has been a slow affair. In recent years, though, perhaps inspired by the exhaustion of the IPv4 address space, IPv6 usage has been on the rise. There is a corresponding interest in ensuring that applications work with both IPv4 and IPv6. But, as a recent discussion on the OpenBSD mailing list has highlighted, a mechanism designed to ease the transition to an IPv6 network may also make the net less secure ? and Linux distributions may be configured insecurely by default.
[$] Should distributors disable IPv4-mapped IPv6?

On the Tor blog, Nick Mathewson reportson an informal survey he did for "severe"bugs in Torover the last few years. It breaks down the 70 bugs he found into different categories that are correlated with some recommendations for ways to try to avoid them in the future. For example: "Recommendation 5.1: all backward compatibility code should have a timeout date. On several occasions we added backward compatibility code to keep an old version of Tor working, but left it enabled for longer than we needed to. This code has tended not to get the same regular attention it deserves, and has also tended to hold surprising deviations from the specification. We should audit the code that's there today and see what we can remove, and we should never add new code of this kind without adding a ticket and a comment planning to remove it."Many of the recommendations are likely applicable to other projects.
Mathewson: Mid-2016 Tor bug retrospective, with lessons for future coding

GitLab 8.8 has been releasedwith pipeline visualization, .gitignoretemplates, the GitLab Container Registry, and more. "In this release, we are supercharging GitLab CI. First with Pipelines and now with GitLab Container Registry. GitLab Container Registry is a secure and private registry for Docker images. It isn't just a standalone registry; it's completely integrated with GitLab. In fact, our container registry is actually the first Docker registry that is fully-integrated with git repository management and comes out of the box with GitLab 8.8. So if you've upgraded, you already have it! Our integrated Container Registry requires no additional installation. It allows for easy upload and download of images from GitLab CI. And it's free."
GitLab 8.8 released with Pipelines and .gitignore templates

Debianhas updated atheme-services(denial of service). Fedorahas updated gsi-openssh(F23: privilege escalation), imlib2(F23; F22: multiple vulnerabilities), and websvn(F23; F22: cross-site scripting). Mageiahas updated glibc(multiple vulnerabilities), golang(denial of service), pcre(two vulnerabilities), and xerces-j2(denial of service). Red Hathas updated jq(RHELOSP7 for RHEL7; RHELOSP6 for RHEL7: code execution) and kernel(RHEL6.6: two remote denial of service vulnerabilities). SUSEhas updated IBM Java 1.6.0(SLES10-SP4: multiple vulnerabilities).
Tuesday's security updates has an interview with Dietrich Ayalaabout using old smartphones for home automation. "Ayala spent a lot of time studying the readouts from sensors, as well as from the phone?s microphone, camera, and, radios, that would enable a remote user to draw conclusions about what was happening at home. This contextual information could then be codified into more useful notifications. With ambient light, for example, if it suddenly goes dark in the daytime, maybe someone is standing over a device, explained Ayala. Feedback from the accelerometer can be analyzed to determine the difference between footsteps, an earthquake, or someone picking up the device. Scripts can use radio APIs to determine if a person moving around is carrying a phone with a potentially revealing Bluetooth signature."
Repurposing Old Smartphones for Home Automation (

Debianhas updated wireshark(multiple vulnerabilities). Debian-LTShas updated extplorer(cross-site request forgery), graphicsmagick(multiple vulnerabilities), and imagemagick(multiple vulnerabilities). Fedorahas updated cacti(F23; F22: SQL injection), dosfstools(F23: two vulnerabilities), libksba(F22: denial of service), libndp(F23; F22: man-in-the-middle attacks), mingw-openssl(F23: multiple vulnerabilities), moodle(F23: multiple vulnerabilities), openvpn(F22: multiple vulnerabilities), pgpdump(F23; F22: denial of service), php-symfony(F23; F22: buffer overflow), qemu(F22: multiple vulnerabilities), rpm(F22: two vulnerabilities), thunderbird(F23: multiple vulnerabilities), and wordpress(F23; F22: two cross-site scripting vulnerabilities). Mageiahas updated apache-mod_nss(invalid handling of +CIPHER operator), bugzilla(cross-site scripting), jansson(denial of service), libgd(denial of service), libreoffice(code execution), networkmanager(information leak), openvpn(multiple vulnerabilities), p7zip(code execution), php-ZendFramework2(insecure ciphertexts), and wpa_supplicant(two vulnerabilities). openSUSEhas updated kernel(Leap42.1: multiple vulnerabilities). Oraclehas updated docker-engine(OL7; OL6: privilege escalation) and kernel 3.8.13(OL7; OL6: multiple vulnerabilities), kernel 2.6.39(OL6; OL5: multiple vulnerabilities), kernel 2.6.32(OL6; OL5: multiple vulnerabilities). Red Hathas updated kernel(RHEL6.4: two remote denial of service vulnerabilities). Scientific Linuxhas updated libndp(SL7: man-in-the-middle attacks). Slackwarehas updated curl(server spoofing). SUSEhas updated firefox(SLE11-SP4,SP3: multiple vulnerabilities), java-1_6_0-ibm(SOSC5, SMP2.1, SM2.1, SLES11SP3,SP2: multiple vulnerabilities), and java-1_7_0-ibm(SOSC5, SMP2.1, SM2.1, SLES11SP3,SP2: multiple vulnerabilities).
Security advisories for Monday

Version 1.2.0of the Roundcube web-based email system has been released. The headline feature this time around would appear to be support for encrypted mail with PGP; the encryption can be handled either centrally in the server, or in the browser via the "Mailvelope"browser plugin. A complete list of changes can be found in the changelog.
Roundcube Webmail 1.2.0 released

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

[SECURITY] [DSA 3588-1] symfony security update
Bugtraq: [SECURITY] [DSA 3588-1] symfony security update

[slackware-security] php (SSA:2016-148-03)
Bugtraq: [slackware-security] php (SSA:2016-148-03)

[slackware-security] libxslt (SSA:2016-148-02)
Bugtraq: [slackware-security] libxslt (SSA:2016-148-02)

[slackware-security] libxml2 (SSA:2016-148-01)
Bugtraq: [slackware-security] libxml2 (SSA:2016-148-01)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus