Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. I will not be preparing them for publication, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads the config files containing the passwords of the components only once, so you can keep them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls, etc.
  • Postfixanalyser was written for the trendmicro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature is a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • A ftp-script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2

Flatpak 0.6.13 has been released. Major changes include a change in command line arguments for install/update/uninstall, application runtime dependencies are checked/downloaded, remote-add and install --from now supports uris, flatpak run can now launch a runtime directly, and more.
Flatpak 0.6.13

Arch Linux has updated linux-grsec (privilege escalation) and ocaml (information leak). CentOS has updated kernel (C7: privilege escalation). Debian has updated php5 (multiple vulnerabilities) and virtualbox (end of support). Debian-LTS has updated ghostscript (multiple vulnerabilities). Fedora has updated bind (F23: denial of service), bind99 (F23: denial of service), and libass (F24: three vulnerabilities). Mageia has updated php (multiple vulnerabilities). openSUSE has updated quagga (13.2: stack overrun) and virtualbox (13.2: multiple unspecified vulnerabilities). Oracle has updated kernel (OL7: privilege escalation). Red Hat has updated bind (RHEL6.2, 6.4, 6.5, 6.6, 6.7: denial of service). Scientific Linux has updated kernel (SL7: privilege escalation). SUSE has updated quagga (SLE12-SP1: stack overrun). Ubuntu has updated linux-raspi2 (16.10: privilege escalation), mysql-5.5, mysql-5.7 (multiple unspecified vulnerabilities), and quagga (stack overrun).
Tuesday's security updates

Just about everyone who runs a Unix server on the internet uses SSH for remote access, and almost everyone who does that will be familiar with the log footprints of automated password-guessing bots. Although decently-secure passwords do much to harden a server against such attacks, the costs of dealing with the continual stream of failed logins can be considerable. There are ways to mitigate these costs.
[$] Dealing with automated SSH password-guessing

Valgrind 3.12.0 has been released. "3.12.0 is a feature release with many improvements and the usual collection of bug fixes. This release adds support for POWER ISA 3.0, improves instruction set support on ARM32, ARM64 and MIPS, and provides support for the latest common components (kernel, gcc, glibc). There are many smaller refinements and new features. The release notes below give more details." There will be a Valgrind developer room at FOSDEM in Brussels, Belgium, on February 4, 2017. The call for participation is open until December 1.
Valgrind-3.12.0 is available

Arch Linux has updated chromium (multiple vulnerabilities), kernel (privilege escalation), linux-lts (privilege escalation), python-django (cross-site request forgery), and python2-django (cross-site request forgery). CentOS has updated bind (C6; C5: denial of service) and bind97 (C5: denial of service). Debian has updated kdepimlibs (HTML injection). Debian-LTS has updated kdepimlibs (HTML injection). Fedora has updated guile (F23: two vulnerabilities), kernel (F24; F23: privilege escalation), php (F24; F23: multiple vulnerabilities), and php-pecl-zip (F24; F23: multiple vulnerabilities). Mageia has updated 389-ds-base (information disclosure), c-ares (code execution), guile (two vulnerabilities), openjpeg (denial of service), and php-ZendFramework (SQL injection). openSUSE has updated Chromium (Leap42.1, 13.2: multiple vulnerabilities), dbus-1 (Leap42.1: code execution), gd (13.2: denial of service), kdump (Leap42.1: denial of service), php5 (13.2: three vulnerabilities), kernel (Leap42.1; 13.1: multiple vulnerabilities), tor (Leap42.1, 13.2: denial of service), and X (Leap42.1: multiple vulnerabilities). Oracle has updated bind (OL6; OL5: denial of service), bind97 (OL5: multiple vulnerabilities), and kernel 4.1.12 (OL7; OL6: privilege escalation), kernel 3.8.13 (OL7; OL6: privilege escalation), kernel 2.6.39 (OL6; OL5: privilege escalation). Red Hat has updated kernel (RHEL7: privilege escalation). SUSE has updated Chromium (SPH for SLE12: multiple vulnerabilities), qemu (SLE12-SP1: multiple vulnerabilities), and kernel (SLE12-SP1; SLE12; SLE11-SP4; SLE11-SP3; SLE11-SP2: privilege escalation).
Security advisories for Monday

The Linux Foundation's Technical Advisory Board provides the development community (primarily the kernel development community) with a voice in the Foundation's decision-making process. Among other things, the TAB chair holds a seat on the Foundation's board of directors. The next TAB election will be held on November 2 at the Kernel Summit in Santa Fe, NM; five TAB members ( of the total) will be selected there. The nomination process is open until voting begins; anybody interested in serving on the TAB is encouraged to throw their hat into the ring.
The Linux Foundation Technical Advisory Board election

The second 4.9 prepatch is out for testing, and Linus is asking for people to test one feature in particular: "My favorite new feature that I called out in the rc1 announcement (the virtually mapped stacks) is possibly implicated in some crashes that Dave Jones has been trying to figure out, so if you want to be helpful and try to see if you can give more data, please make sure to enable CONFIG_VMAP_STACK."
Kernel prepatch 4.9-rc2

The 4.8.4, 4.7.10, and 4.4.27 stable updates are out. These would appear to contain the usual fixes. Note that 4.7.10 is the end of the line for the 4.7.x series.
More stable kernel updates

We live in an era of celebrity vulnerabilities; at the moment, an unpleasant kernel bug called "Dirty COW" (or CVE-2016-5195) is taking its turn on the runway. This one is more disconcerting than many due to its omnipresence and the ease with which it can be exploited. But there is also some unhappiness in the wider community about how this vulnerability has been handled by the kernel development community. It may well be time for the kernel project to rethink its approach to serious security problems.
[$] Dirty COW and clean commit messages

Debian-LTS has updated bind9 (denial of service). Fedora has updated libgit2 (F23: two vulnerabilities). Mageia has updated kernel (three vulnerabilities), libtiff (multiple vulnerabilities, two from 2015), and openslp (code execution). openSUSE has updated dbus-1 (13.2: code execution), ghostscript-library (42.1: three vulnerabilities, one from 2013), roundcubemail (42.1: two vulnerabilities), and squidGuard (42.1: cross-site scripting from 2015). Red Hat has updated bind (RHEL6&5: denial of service) and bind97 (RHEL5: denial of service). Scientific Linux has updated bind (SL6&5: denial of service) and bind97 (SL5: denial of service). Ubuntu has updated bind9 (12.04: denial of service).
Friday's security updates

interviews Sylvain Zimmer, founder of the Common Search project, which is an effort to create an open web search engine. "Being transparent means that you can actually understand why our top search result came first, and why the second had a lower ranking. This is why people will be able to trust us and be sure we aren't manipulating results. However for this to work, it needs to apply not only to the results themselves but to the whole organization. This is what we mean by 'radical transparency.' Being a nonprofit doesn't automatically clear us of any ulterior motives, we need to go much further. As a community, we will be able to work on the ranking algorithm collaboratively and in the open, because the code is open source and the data is publicly available. We think that this means the trust in the fairness of the results will actually grow with the size of the community."
Ranking the Web With Radical Transparency (

The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.
More information about Dirty COW (aka CVE-2016-5195)

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities). Debian has updated kernel (multiple vulnerabilities, one from 2015). Debian-LTS has updated kernel (multiple vulnerabilities, one from 2015) and libxvmc (code execution). Fedora has updated glibc-arm-linux-gnu (F23: denial of service) and perl-DBD-MySQL (F23: denial of service). Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities). Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL7&6: multiple vulnerabilities). Scientific Linux has updated java-1.8.0-openjdk (SL7&6: multiple vulnerabilities). SUSE has updated quagga (SLE11: code execution). Ubuntu has updated kernel (12.04; 14.04; 16.04; 16.10: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-xenial (14.04: privilege escalation), linux-raspi2 (16.04: privilege escalation), linux-snapdragon (16.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).
Security advisories for Thursday

The 4.8.3, 4.7.9, and 4.4.26 stable kernel updates have been released. There's nothing in the announcements to indicate this, but they all contain a fix for CVE-2016-5195, a bug that can allow local attackers to overwrite files they should not have write access to. So the "all users must upgrade" message seems more than usually applicable this time around.
An important set of stable kernel updates

The Weekly Edition for October 20, 2016 is available.
[$] Weekly Edition for October 20, 2016

Vuln: Adobe Flash Player APSB16-32 Multiple Use After Free Remote Code Execution Vulnerabilities

Vuln: Adobe Flash Player CVE-2016-6992 Type Confusion Remote Code Execution Vulnerability

Vuln: Adobe Flash Player CVE-2016-4286 Unspecified Security Bypass Vulnerability

Vuln: Adobe Flash Player APSB16-32 Multiple Unspecified Memory Corruption Vulnerabilities

Bugtraq: CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path

Bugtraq: wincvs- Privilege Escalation

Bugtraq: APPLE-SA-2016-10-24-3 Safari 10.0.1

Bugtraq: [SECURITY] [DSA 3698-1] php5 security update
