Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist several templates for ssh, scp, telnet. The intention is to make automated backups from routers, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, what's the status of the mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human readable output in html.
  • An ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The Tor Browser Team has announced the release of Tor browser 6.0. This release brings the browser up-to-date with Firefox 45-ESR, which provides better support for HTML5 video on Youtube, as well as a host of other improvements. DuckDuckGo is now the default search engine. "Lately, we got a couple of comments on our blog and via email wondering why we are now using DuckDuckGo as the default search engine and not Disconnect anymore. Well, we still use Disconnect. But for a while now Disconnect has no access to Google search results anymore which we used in Tor Browser. Disconnect being more a meta search engine which allows users to choose between different search providers fell back to delivering Bing search results which were basically unacceptable quality-wise. While Disconnect is still trying to fix the situation we asked them to change the fallback to DuckDuckGo as their search results are strictly better than the ones Bing delivers."
Tor Browser 6.0 is released

Arch Linux has updated chromium (multiple vulnerabilities). CentOS has updated ntp (C7; C6: multiple vulnerabilities), openssl (C5: code execution), squid (C7; C6: multiple vulnerabilities), and squid34 (C6: multiple vulnerabilities). Debian has updated gdk-pixbuf (two vulnerabilities) and symfony (two vulnerabilities). Debian-LTS has updated eglibc (multiple vulnerabilities), libtasn1-3 (denial of service), openafs (multiple vulnerabilities), pdns (insecure database permissions), phpmyadmin (regression in previous update), postgresql-9.1 (multiple vulnerabilities), ruby-activerecord-3.2 (restriction bypass), and wireshark (multiple vulnerabilities). Fedora has updated bugzilla (F23; F22: cross-site scripting), kf5-kinit (F23: insecure permissions), libarchive (F22: code execution), libimobiledevice (F23: sockets listening on INADDR_ANY), libusbmuxd (F23: sockets listening on INADDR_ANY), php (F23: two vulnerabilities), qemu (F23: multiple vulnerabilities), webkitgtk4 (F23: two vulnerabilities), and xen (F23; F22: privilege escalation). Gentoo has updated libfpx (denial of service), nss (multiple vulnerabilities), pam (multiple vulnerabilities), and rsync (multiple vulnerabilities). Mageia has updated botan (two vulnerabilities), docker (privilege escalation), mediawiki (multiple vulnerabilities), and phpmyadmin (cross-site scripting). openSUSE has updated Chromium (SPH for SLE12; Leap42.1: multiple vulnerabilities), expat (13.2: two vulnerabilities), libxml2 (13.2: two vulnerabilities), libxslt (13.2: denial of service), phpMyAdmin (Leap42.1, 13.2: cross-site scripting), redis (Leap42.1, 13.2: denial of service), and samba (13.2: man-in-the-middle attack). Red Hat has updated ntp (RHEL6,7: multiple vulnerabilities), openssl (RHEL5: code execution), python27 (RHSCL2.2: multiple vulnerabilities), squid (RHEL7; RHEL6: multiple vulnerabilities), and squid34 (RHEL6: multiple vulnerabilities). Slackware has updated imagemagick (shell vulnerability), libxml2 (three vulnerabilities), libxslt (denial of service), thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities). SUSE has updated Xen (SLES10-SP4: multiple vulnerabilities).
Security updates for Tuesday

Qubes founder Joanna Rutkowska writes about how Qubes works to avoid building compromised software into its distribution. "Ultimately, we would like to introduce a multiple-signature scheme, in which several developers (from different countries, social circles, etc.) can sign Qubes-produced binaries and ISOs. Then, an adversary would have to compromise all the build locations in order to get backdoored versions signed. For this to happen, we need to make the build process deterministic (i.e. reproducible). Yet, this task still seems to be years ahead of us."
Rutkowska: Security challenges for the Qubes build process

Version 3.0 of the Krita painting application has been released. "Wrapping up a year of work, this is a really big release: animation support integrated into Krita's core, Instant Preview for better performance painting and drawing with big brushes on big canvases, ported to the latest version of the Qt platform and too many bigger and smaller new features and improvements to mention!".
Krita 3.0 released

Linus has released 4.7-rc1 and closed the merge window for this release, saying "this time around we have a fairly big change to the vfs layer that allows filesystems (if they buy into it) to do readdir() and path component lookup in parallel within the same directory. That's probably the biggest conceptual vfs change we've had since we started doing cached pathname lookups using RCU." The code name has been changed to "Psychotic Stoned Sheep."
Kernel prepatch 4.7-rc1

Ars technica is carrying an editorial from Oracle's attorney in its fight with Google; it would seem that this ruling is the end of the world. "It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy."
Oracle attorney says Google's court victory might kill the GPL (ars technica)

At its blog, the Open Source Initiative (OSI) announces the deployment of "a machine readable publication of OSI approved licenses" accessible via The service is designed to "store a central list of crosswalks and common identifiers to other services, allowing third parties who are already license-aware to provide their mappings, and pull OSI approval status programmatically." Programs can query a license by its Software Package Data Exchange (SPDX) ID and determine whether or not it is OSI-approved. API wrappers are available for Python, Ruby, and Go.
OSI: Announcing the Open Source License API

Arch Linux has updated libxml2 (multiple vulnerabilities). Debian has updated libgd2 (multiple vulnerabilities). Fedora has updated jenkins (F23; F22: multiple vulnerabilities). openSUSE has updated docker (13.2: privilege escalation), libreoffice (13.2: multiple vulnerabilities), ntp (13.2: multiple vulnerabilities), and systemd (Leap 42.1: multiple vulnerabilities). Ubuntu has updated eglibc, glibc (12.04, 14.04, 15.10: multiple vulnerabilities; regression).
Friday's security updates

Worth a read: this paper [PDF] from Kaiyuan Yang et al. on how an analog back door can be placed into a hardware platform like a CPU. "In this paper, we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before effecting [sic] a chip's functionality). In the open spaces of an already placed and routed design, we construct a circuit that uses capacitors to siphon charge from nearby wires as they transition between digital values. When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a desired value. We weaponize this attack into a remotely-controllable privilege escalation by attaching the capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for our processor."
Analog malicious hardware

Ars technica reports that Google has prevailed against Oracle in its court battle over the use of the Java APIs in Android. "There was only one question on the special verdict form, asking if Google's use of the Java APIs was a 'fair use' under copyright law. The jury unanimously answered 'yes,' in Google's favor. The verdict ends the trial, which began earlier this month."
Google beats Oracle - Android makes "fair use" of Java APIs (ars technica)

Debian-LTS has updated bozohttpd (two vulnerabilities, one from 2014), ruby-mail (SMTP injection), and xymon (multiple vulnerabilities). Also, the Debian-LTS team has announced that some packages will not be supported (libv8, mediawiki, sogo, and vlc) for Debian 7 ("wheezy"), so users of those should upgrade to Debian 8 ("jessie"). Red Hat has updated rh-mariadb100-mariadb (RHSC: many vulnerabilities). Ubuntu has updated eglibc, glibc (15.10, 14.04, 12.04: multiple vulnerabilities, some from 2013 and 2014) and samba (16.04, 15.10, 14.04: regression in previous security fix).
Security updates for Thursday

The Weekly Edition for May 26, 2016 is available.
[$] Weekly Edition for May 26, 2016

Arch Linux has updated libndp (man-in-the-middle attacks). Fedora has updated kernel (F22: multiple vulnerabilities). Red Hat has updated jq (RHOSP8: code execution). Slackware has updated libarchive (code execution). Ubuntu has updated php5, php7.0 (multiple vulnerabilities).
Security advisories for Wednesday

By all accounts, the Internet's transition to IPv6 has been a slow affair. In recent years, though, perhaps inspired by the exhaustion of the IPv4 address space, IPv6 usage has been on the rise. There is a corresponding interest in ensuring that applications work with both IPv4 and IPv6. But, as a recent discussion on the OpenBSD mailing list has highlighted, a mechanism designed to ease the transition to an IPv6 network may also make the net less secure - and Linux distributions may be configured insecurely by default.
[$] Should distributors disable IPv4-mapped IPv6?

On the Tor blog, Nick Mathewson reports on an informal survey he did for "severe" bugs in Tor over the last few years. It breaks down the 70 bugs he found into different categories that are correlated with some recommendations for ways to try to avoid them in the future. For example: "Recommendation 5.1: all backward compatibility code should have a timeout date. On several occasions we added backward compatibility code to keep an old version of Tor working, but left it enabled for longer than we needed to. This code has tended not to get the same regular attention it deserves, and has also tended to hold surprising deviations from the specification. We should audit the code that's there today and see what we can remove, and we should never add new code of this kind without adding a ticket and a comment planning to remove it." Many of the recommendations are likely applicable to other projects.
Mathewson: Mid-2016 Tor bug retrospective, with lessons for future coding

GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd

FreeBSD Security Advisory FreeBSD-SA-16:20.linux
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:20.linux
