Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Collabora Office 5.3 has been releasedwith all the fixes and several backported features from the upstream LibreOffice 5.3 release. "The biggest change in this release is the inclusion of a long list of new features, combined with many User Interface improvements, making Collabora Office more powerful and at the same time faster and more comfortable to work with."
Collabora Office 5.3 Released

The multiqueue block layer subsystem, introduced in 2013, was a necessary step for the kernel to scale to the fastest storage devices on large systems. The implementation in current kernels is incomplete, though, in that it lacks an I/O scheduler designed to work with multiqueue devices. That gap is currently set to be closed in the 4.12 development cycle when the kernel will probably get not just one, but two new multiqueue I/O schedulers.
[$] Two new block I/O schedulers for 4.12

Stable kernel 3.18.50has been released with many important fixes. Users should upgrade.
Stable kernel 3.18.50

Security updates have been issued by Arch Linux(firefox and weechat), Debian(chicken, firefox-esr, libcroco, libreoffice, and tiff), Fedora(backintime, bind, firefox, libarchive, libnl3, pcre2, php-pear-CAS, and python-django), Mageia(icu and proftpd), openSUSE(mozilla-nss and wireshark), Red Hat(java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), Scientific Linux(firefox and java-1.8.0-openjdk), Slackware(mozilla, ntp, and proftpd), and Ubuntu(firefox).
Security updates for Monday

The openSUSE project has announced that the release following openSUSE Leap 42 will be called openSUSE Leap 15. "SUSE have decided that their next version of SLE will be 15, not 13. Upon learning of SUSE's plans the Board and Leap release team have been considering our options. This included ignoring the changes to SLE and releasing Leap 43 as planned, at the cost of the link between SLE versions and Leap versions. 45 was also considered, as were some frankly hilarious ideas that made me worry about my own sanity and that of my fellow contributors. After considering the pros and cons of all the options however, the decision has been that Leap 15 will be our next version."
openSUSE Leap's backward version jump

Linus has released 4.11-rc8instead of the expected 4.11 final. "So originally I was just planning on releasing the final 4.11 today, but while we didn't have a *lot* of changes the last week, we had a couple of really annoying ones, so I'm doing another rc release instead. I did get fixes for the issues that popped up, so I could have released 4.11 as-is, but it just doesn't feel right."
Kernel prepatch 4.11-rc8

Over at, Rich Bowen looksat some of the new features in OpenStack Ocata, which was releasedback in February. "First, it's important to remember that the Ocata cycle was very short. We usually do a release every six months, but with the rescheduling of the OpenStack Summit and OpenStack PTG (Project Team Gathering) events, Ocata was squeezed into 4 months to realign the releases with these events. So, while some projects squeezed a surprising amount of work into that time, most projects spent the time on smaller features and finishing up tasks leftover from the previous release. At a high level, the Ocata release was all about upgrades and containers, themes that I heard from almost every team I interviewed. Developers spoke of how we can make upgrades smoother, and how we can deploy bits of the infrastructure in containers. These two things are closely related, and there seems to be more cross-project collaboration this time around than I've noticed in the past."
What's new in OpenStack Ocata (

The 4.10.12, 4.9.24, and 4.4.63stable kernels have been released. Users of those series should upgrade.
Stable kernels 4.10.12, 4.9.24, and 4.4.63 released

Security updates have been issued by CentOS(bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Debian(icedove), Fedora(jenkins-xstream and xstream), Mageia(chromium-browser-stable, flash-player-plugin, gimp, and wireshark), openSUSE(gstreamer-0_10-plugins-base), Oracle(bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Red Hat(firefox and java-1.8.0-openjdk), Scientific Linux(bind, firefox, nss and nss-util, and nss-util), SUSE(xen), and Ubuntu(bind9, curl, freetype, and qemu).
Security updates for Friday

Here's an articledescribing how the Python global interpreter lock works and some nuances of writing threaded Python code. "Although the GIL does not excuse us from the need for locks, it does mean there is no need for fine-grained locking. In a free-threaded language like Java, programmers make an effort to lock shared data for the shortest time possible, to reduce thread contention and allow maximum parallelism. Because threads cannot run Python in parallel, however, there's no advantage to fine-grained locking. So long as no thread holds a lock while it sleeps, does I/O, or some other GIL-dropping operation, you should use the coarsest, simplest locks possible."
Grok the GIL (

The scheduler is a topic of keen interest for the desktop user; the scheduling algorithm partially determines the responsiveness of the Linux desktop as a whole. Con Kolivas maintains a series of scheduler patch sets that he has tuned considerably over the years for his own use, focusing primarily on latency reduction for a better desktop experience. In early October 2016, Kolivas updated the design of his popular desktop scheduler patch set, which he renamed MuQSS. It is an update (and a name change) from his previous scheduler, BFS, and it is designed to address scalability concerns that BFS had with an increasing number of CPUs.
[$] The MuQSS CPU scheduler

Security updates have been issued by Arch Linux(chromium and nss), CentOS(bind and qemu-kvm), Debian(firefox-esr, ghostscript, hunspell-en-us, and uzbek-wordlist), Fedora(php-onelogin-php-saml), openSUSE(bind, gstreamer-plugins-good, and xen), Red Hat(bind, firefox, nss, nss and nss-util, and nss-util), and SUSE(ruby2.1).
Security updates for Thursday

The Weekly Edition for April 20, 2017 is available.
[$] Weekly Edition for April 20, 2017

Linux usage in networking hardware has been on the rise for some time. During the latest Netdev conferenceheld in Montreal this April, people talked seriously about Linux running on high end, "top of rack"(TOR) networking equipment. Those devices have long been the realm of proprietary hardware and software companies like Cisco or Juniper, but Linux seems to be making some significant headway into the domain. Are we really seeing the rise of Linux in high-end networking hardware?
[$] The rise of Linux-based networking hardware

Mozilla has released Firefox 53.0. From the release notes: "Today's Firefox release makes Firefox faster and more stable with a separate process for graphics compositing (the Quantum Compositor). Compact themes and tabs save screen real estate, and the redesigned permissions notification improves usability. Learn more on the Mozilla Blog."
Firefox 53.0 released

Shopware CVE-2016-3109 Arbitrary Code Execution Vulnerability
Vuln: Shopware CVE-2016-3109 Arbitrary Code Execution Vulnerability

XOOPS CVE-2017-7944 Cross Site Scripting Vulnerability
Vuln: XOOPS CVE-2017-7944 Cross Site Scripting Vulnerability

pcs daemon CVE-2016-0721 Session Fixation Vulnerability
Vuln: pcs daemon CVE-2016-0721 Session Fixation Vulnerability

Linux Kernel CVE-2017-8064 Local Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-8064 Local Denial of Service Vulnerability

CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass
Bugtraq: CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass

[SECURITY] [DSA 3831-1] firefox-esr security update
Bugtraq: [SECURITY] [DSA 3831-1] firefox-esr security update

[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
Bugtraq: [HITB-Announce] HITB GSEC 2017 CFP Closes April 30th

October CMS v1.0.412 several vulnerabilities
Bugtraq: October CMS v1.0.412 several vulnerabilities

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus