Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Greg Kroah-Hartman has announced the release of the 4.8.13and 4.4.37stable kernels. As usual, there are fixes throughout the tree and users of those kernel series should upgrade. Note that the fixfor the kernel code execution vulnerabilityusing AF_PACKETsockets (also known as CVE-2016-8655) has not made it into these stable kernels. Those running systemd may want to check Lennart Poettering's blog poston how to mitigate the problem for services started by systemd.
Stable kernels 4.8.13 and 4.4.37

Over at the Fedora Community Blog, Brian Proffitt writesabout Fedora member Matthew Williams who passed away recently from cancer. "Matthew?s passion to constantly improve the software and hardware with which he worked created a tireless advocate for the Fedora Project, and his presence was felt at conferences across the nation: SCaLE, Ohio LinuxFest, and the former Indiana LinuxFest, an Indianapolis-based event that he helped found. Matthew also devoted time to interviewing and archiving notable figures in the free and open source software communities to learn what drove people to work on their projects. He was also very driven to share what he knew, launching the Open FOSS trainingsite in 2015 to help new Linux users with getting involved with any Linux distribution. While he was active in the Fedora community, Matthew was also very involved with Ubuntu as well."
Remembering a friend: Matthew Williams (Fedora Community Blog)

Debianhas updated xen(multiple vulnerabilities). Debian-LTShas updated gst-plugins-bad0.10(code execution) and gst-plugins-base0.10(code execution). Fedorahas updated memcached(F25: three vulnerabilities), ntp(F25; F24; F23: multiple vulnerabilities), php-php-gettext(F23: code execution), and phpMyAdmin(F23: multiple vulnerabilities). Gentoohas updated binutils(multiple vulnerabilities from 2014), coreutils(code execution from 2014), cracklib(code execution), jq(code execution from 2015), openjpeg(multiple vulnerabilities, one from 2015), socat(encryption botch), and sqlite(code execution from 2015). Mageiahas updated kernel(multiple vulnerabilities) and ntp(multiple vulnerabilities). openSUSEhas updated kernel(42.2; 42.1: multiple vulnerabilities, some from 2015). Oraclehas updated kernel 4.1.12(OL7; OL6: two vulnerabilities). Red Hathas updated atomic-openshift(RHOSCP 3.3, 3.2, 3.1:), chromium-browser(RHEL6: many vulnerabilities), and openstack-cinder and openstack-glance(RHOSP 9.0: denial of service from 2015). SUSEhas updated firefox(SLE12: code execution), java-1_6_0-ibm(SLE11: multiple vulnerabilities), java-1_7_1-ibm(SLE12; SLE11: multiple vulnerabilities), kernel(SLE12: three vulnerabilities), and xen(SLE11: multiple vulnerabilities). Ubuntuhas updated openjdk-6(12.04: multiple vulnerabilities).
Thursday's security updates

The Weekly Edition for December 8, 2016 is available.
[$] Weekly Edition for December 8, 2016

Recently Chris Evans, an IT security expert currently working for Tesla, published a series of blog posts about security vulnerabilities in the GStreamermultimedia framework. A combination of the Chrome browser and GNOME-based desktops creates a particularly scary vulnerability. Evans also made a provocative statement: that vulnerabilities of this severity currently wouldn't happen in Windows 10. Is the state of security on the Linux desktop really that bad ? and what can be done about it?Subscribers can click below for the full story from this week's edition.
[$] GStreamer and the state of Linux desktop security

The Xen Project Blog has releasedthe Xen Project Hypervisor 4.8. "As always, we focused on improving code quality, security hardening as well as enabling new features. One area of interest and particular focus is new feature support for ARM servers. Over the last few months, we?ve seen a surge of patches from various ARM vendors that have collaborated on a wide range of updates from new drivers to architecture to security."
What?s New with Xen Project Hypervisor 4.8?

Arch Linuxhas updated kernel(privilege escalation), linux-grsec(privilege escalation), and linux-lts(privilege escalation). CentOShas updated sudo(C6: privilege escalation) and thunderbird(C6; C5: code execution). Debian-LTShas updated mapserver(information leak). Fedorahas updated mingw-nsis(F23: DLL hijacking). Gentoohas updated mercurial(multiple vulnerabilities), openssh(multiple vulnerabilities), openssl(multiple vulnerabilities), and pecl-http(code execution). Mageiahas updated drupal(two vulnerabilities), kernel-linus-4.4.32(multiple vulnerabilities), and kernel-tmb-4.4.32(multiple vulnerabilities). openSUSEhas updated libXrender(13.2: insufficient validation), libXtst(13.2: insufficient validation), libXv(13.2: insufficient validation), libXvMC(13.2: insufficient validation), roundcubemail(Leap42.2,42.1: two vulnerabilities), roundcubemail(13.2: cross-site scripting), tiff(13.2: multiple vulnerabilities), and X(Leap42.2, 42.1, 13.2: multiple vulnerabilities). Oraclehas updated sudo(OL7; OL6: privilege escalation). SUSEhas updated kernel(SLE12-SP1: three vulnerabilities).
Security advisories for Wednesday

WordPress 4.7 ?Vaughan? has been released. This version includes a new default theme, adds new features to the customizer, comes with REST API endpoints for posts, comments, terms, users, meta, and settings, and more. "To help give you a solid base to build from, individual themes can provide starter content that appears when you go to customize your brand new site. This can range from placing a business information widget in the best location to providing a sample menu with social icon links to a static front page complete with beautiful images. Don?t worry ? nothing new will appear on the live site until you?re ready to save and publish your initial theme setup."
WordPress 4.7

The maintainer model is deeply ingrained into the culture of the free-software community; for any bit of code, there is usually a developer (or a small group of developers) charged with that code's maintenance. Good maintainers can help a project run smoothly, while poor maintainers can run things into the ground. What is to be done to save a project with the latter type of maintainer? Forking can be an option in some cases but, in many others, it's not a practical alternative. The Debian project is currently discussing its approach to bad maintainers ? a discussion which has taken a surprising turn.
[$] Maintainerless Debian?

Debian-LTShas updated monit(regression in previous update). Fedorahas updated dpkg(F25; F24; F23: code execution), gstreamer-plugins-bad-free(F25: code execution), gstreamer1-plugins-bad-free(F24: code execution), gstreamer1-plugins-good(F24: multiple vulnerabilities), kernel(F25; F24; F23: denial of service), and thunderbird(F25: code execution). Gentoohas updated arj(multiple vulnerabilities) and util-linux(command injection). Mageiahas updated firefox(code execution), thunderbird(multiple vulnerabilities), and virtualbox(multiple vulnerabilities). openSUSEhas updated GraphicsMagick(Leap42.1; 13.2: two vulnerabilities), ImageMagick(13.2: two vulnerabilities), mariadb(Leap42.2; Leap42.1: multiple mostly unspecified vulnerabilities), firefox, thunderbird, nss(13.1: multiple vulnerabilities), tcpreplay(Leap42.2: denial of service), kernel(13.1: multiple vulnerabilities), and thunderbird(SPH for SLE12: multiple vulnerabilities). Oraclehas updated thunderbird(OL7; OL6: code execution). Red Hathas updated bind(RHEL6.2, 6.4, 6.5, 6.6, 6.7: denial of service) and sudo(RHEL6,7: privilege escalation). SUSEhas updated java-1_6_0-ibm(SLEMLS12: multiple vulnerabilities) and firefox, nss(SLE12-SP2,SP1: multiple vulnerabilities). Ubuntuhas updated kernel(16.10; 16.04; 14.04; 12.04: code execution), linux-lts-trusty(12.04: code execution), linux-lts-xenial(14.04: code execution), linux-raspi2(16.10; 16.04: code execution), linux-snapdragon(16.04: code execution), and linux-ti-omap4(12.04: code execution).
Tuesday's security updates

James Bottomley has posted a tutorialon using the trusted platform module to store cryptographic keys. "The main thing that came out of this discussion was that a lot of this stack complexity can be hidden from users and we should concentrate on making the TPM 'just work' for all cryptographic functions where we have parallels in the existing security layers (like the keystore). One of the great advantages of the TPM, instead of messing about with USB pkcs11 tokens, is that it has a file format for TPM keys (I?ll explain this later) which can be used directly in place of standard private key files."
Bottomley: Using Your TPM as a Secure Key Store

Arch Linuxhas updated chromium(multiple vulnerabilities) and libdwarf(multiple vulnerabilities). CentOShas updated firefox(C6; C5: code execution). Debian-LTShas updated openafs(information leak). Fedorahas updated firefox(F25; F24; F23: code execution), gstreamer1-plugins-bad-free(F25: code execution), gstreamer1-plugins-good(F25: code execution), p7zip(F24; F23: denial of service), phpMyAdmin(F25: multiple vulnerabilities), thunderbird(F24: code execution), and xen(F25; F24; F23: multiple vulnerabilities). Gentoohas updated busybox(two vulnerabilities), chromium(multiple vulnerabilities), cifs-utils(code execution from 2014), dpkg(code execution), gd(multiple vulnerabilities), libsndfile(two vulnerabilities), libvirt(path traversal), nghttp2(code execution), nghttp2(denial of service), patch(denial of service), and pygments(shell injection). openSUSEhas updated containerd, docker, runc(Leap42.1, 42.2: permission bypass), firefox(two vulnerabilities), java-1_7_0-openjdk(13.1: multiple vulnerabilities), java-1_8_0-openjdk(Leap42.1, 42.2: multiple vulnerabilities), libarchive(Leap42.2; Leap42.1: multiple vulnerabilities), thunderbird(code execution), nodejs4(Leap42.2: code execution), phpMyAdmin(multiple vulnerabilities), sudo(Leap42.2; Leap42.1: three vulnerabilities), tar(Leap42.1, 42.2: file overwrite), and vim(Leap42.2; Leap42.1, 13.2: code execution). Red Hathas updated thunderbird(code execution). SUSEhas updated qemu(SLE12-SP1: multiple vulnerabilities).
Security advisories for Monday

The 4.9-rc8kernel prepatch is out; the final 4.9 release will need one more week. "So if anybody has been following the git tree, it should come as no surprise that I ended up doing an rc8 after all: things haven't been bad, but it also hasn't been the complete quiet that would have made me go 'no point in doing another week'."
Kernel prepatch 4.9-rc8

Over at, Rich Bowen gives an overviewof the changes in the OpenStackNewton release that was made in October. In it, he looks at each of sub-projects and highlights some of the changes for them that were in the release, which is also useful as a kind high-level guide to some of the various sub-projects and their roles. "With a product as large as OpenStack, summarizing what's new in a particular release is challenging. (See the full release notesfor more details.) Each deployment of OpenStack might use a different combination of services and projects, and so will care about different updates. Added to that, the release notes for the various projects tend to be extremely technical in nature, and often don't do a great job of calling out the changes that will actually be noticed by either operators or users."
What's new in OpenStack in 2016: A look at the Newton release (

Google's Project Zero blog has a detailed lookat exploiting a vulnerability in Android's ashmemshared-memory facility. "The mismatch between the mmap-ed and munmap-ed length provides us with a great exploitation primitive! Specifically, we could supply a short length for the mmapoperation and a longer length for the munmapoperation - thus resulting in deletion of an arbitrarily large range of virtual memory following our bitmap object. Moreover, there?s no need for the deleted range to contain one continuous memory mapping, since the range supplied in munmapsimply ignores unmapped pages. Once we delete a range of memory, we can then attempt to ?re-capture? that memory region with controlled data, by causing another allocation in the remote process. By doing so, we can forcibly ?free? a data structure and replace its contents with our own chosen data -- effectively forcing a use-after-free condition."
BitUnmap: Attacking Android Ashmem (Project Zero blog)

Linux Kernel 'ip_tunnel.c' Local Integer Overflow Vulnerability
Vuln: Linux Kernel 'ip_tunnel.c' Local Integer Overflow Vulnerability

PHP FormMail Generator VU#494015 Multiple Security Vulnerabilities
Vuln: PHP FormMail Generator VU#494015 Multiple Security Vulnerabilities

INTERSCHALT VDR G4e CVE-2016-9339 Directory Traversal Vulnerability
Vuln: INTERSCHALT VDR G4e CVE-2016-9339 Directory Traversal Vulnerability

Symantec VIP Access Desktop DLL Loading CVE-2016-6593 Local Code Execution Vulnerability
Vuln: Symantec VIP Access Desktop DLL Loading CVE-2016-6593 Local Code Execution Vulnerability

Symantec VIP Access Desktop Arbitrary DLL Execution
Bugtraq: Symantec VIP Access Desktop Arbitrary DLL Execution

AST-2016-009: <br>
Bugtraq: AST-2016-009:

AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
Bugtraq: AST-2016-008: Crash on SDP offer or answer from endpoint using Opus

CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details
Bugtraq: CVE-2013-1306: MSIE 9 MSHTML CDisp­Node::Insert­Sibling­Node use-after-free details

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus