Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
CentOShas updated java-1.8.0-openjdk(C7; C6: multiple vulnerabilities). Debianhas updated libphp-swiftmailer(code execution), mariadb-10.0(multiple mostly unspecified vulnerabilities), and openjpeg2(multiple vulnerabilities). Debian-LTShas updated groovy(code execution) and opus(code execution). Fedorahas updated docker-latest(F24: privilege escalation), ed(F25: denial of service), groovy(F25: code execution), libnl3(F25; F24: privilege escalation), opus(F25; F24: code execution), qemu(F25: multiple vulnerabilities), squid(F25: two vulnerabilities), and webkitgtk4(F25; F24: multiple vulnerabilities). Gentoohas updated DBD-mysql(multiple vulnerabilities), dcraw(denial of service from 2015), DirectFB(two vulnerabilities from 2014), libupnp(two vulnerabilities), lua(code execution from 2014), ppp(denial of service from 2015), qemu(multiple vulnerabilities), quagga(two vulnerabilities), and zlib(multiple vulnerabilities). Mageiahas updated libpng, libpng12(NULL dereference bug). openSUSEhas updated perl-DBD-mysql(42.2, 42.1: three vulnerabilities) and xtrabackup(42.2; 42.1: information disclosure). Oraclehas updated java-1.8.0-openjdk(OL7; OL6: multiple vulnerabilities). SUSEhas updated gstreamer-0_10-plugins-good(SLE12-SP1; SLE11-SP4: multiple vulnerabilities).
Security advisories for Monday

The free software community tends to focus its spotlight on developers and users while paying rather less attention to the maintainers that keep our projects going. Nadia Eghbal spent a year and a half studying how the community works, and has concluded that we have a problem with maintainership; her 2017 keynote was dedicated to explaining the problem and how we might want to deal with it. But first, she talked about lobsters.
[$] Consider the maintainer

The 2017 organizers have put up videos of the talksin near-record time. There's a lot of good stuff there, some of which will be written up for LWN in the near future.
Videos from 2017

Linus has released the 4.10-rc5kernel prepatch for testing, noting that "everything looks nominal". He also changed the codename from the short-lived "Roaring Lionus"to "Anniversary Edition".
Kernel prepatch 4.10-rc5

Matthias Clasen looksat how to debug an application built into a Flatpak. Since the runtime environment for a Flatpak application is quite different than normal, even running GDB requires taking some different steps. "Now for the last trick: I was complaining about stacktraces without symbols at the beginning. In rpm-based distributions, the debug symbols are split off into debuginfo packages. Flatpak does something similar and splits all the debug information of runtimes and apps into separate ?runtime extensions?, which by convention have .Debug appended to their name. So the debug info for org.gnome.Recipes is in the org.gnome.Recipes.Debug extension. When you use the ?devel option, flatpak automatically includes the Debug extensions for the application and runtime, if they areavailable. So, for the most useful stacktraces, make sure that you have the Debug extensions for the apps and runtimes in question installed."
Clasen: Debugging a Flatpak application

The 4.9.5and 4.4.44stable kernels have been announced by Greg Kroah-Hartman. As usual, users of those kernel series should upgrade.
Stable kernels 4.9.5 and 4.4.44

Arch Linuxhas updated php(three vulnerabilities), powerdns(MV), and powerdns-recursor(three vulnerabilities). Debianhas updated mysql-5.5(multiple unspecified vulnerabilities). Debian-LTShas updated libphp-swiftmailer(code execution). Gentoohas updated curl(MV, two from 2014), cvs(code execution from 2012), icedtea-bin(MV), irssi(MV), and nss(MV, three from 2015). openSUSEhas updated pdns-recursor(42.2, 42.1: denial of service) and squid(42.1: two vulnerabilities, one from 2014). Red Hathas updated java-1.8.0-openjdk(RHEL7&6: MV), openstack-cinder(OSP6.0 for RHEL7; OSP5.0 for RHEL7; OSP5.0 for RHEL6: denial of service from 2015), and python-XStatic-jquery-ui(OSP7.0 for RHEL7: cross-site scripting). SUSEhas updated gstreamer-0_10-plugins-good(SLE12SP2: MV).
Friday's security updates

Daniel Vetter has posted the text of his talkon kernel maintenance. "At least for me, review isn?t just about ensuring good code quality, but also about diffusing knowledge and improving understanding. At first there?s maybe one person, the author (and that?s not a given), understanding the code. After good review there should be at least two people who fully understand it, includingcorner cases. And that?s also why I think that group maintainership is the only way to run any project with more than one regular contributor."
Vetter: Maintainers don't scale

On his blog, Alexander Larsson begins a description of flatpak security. "Long story short, flatpak uses bubblewrapto create a filesystem namespace for the sandbox. This starts out with a tmpfs as the root filesystem, and in this we bind-mount read-only copies of the runtime on /usr and the application data on /app. Then we mount various system things like a minimal /dev, our own instance of /proc and symlinks into /usr from /lib and /bin. We also enable all the available namespaces so that the sandbox cannot see other processes/users or access the network. On top of this we use seccompto filter out syscalls that are risky. For instance ptrace, perf, and recursive use of namespaces, as well as weird network families like DECnet. In order for the application to be able to write data anywhere we bind mount $HOME/.var/app/$APPID/ into the sandbox, but this is the only persistent writable location."
Larsson: The flatpak security model ? part 1: The basics

CentOShas updated kernel(C7: three vulnerabilities). Debianhas updated mapserver(code execution). Debian-LTShas updated libav(multiple vulnerabilities) and mapserver(code execution). Fedorahas updated ark(F25: code execution), chicken(F25; F24: two vulnerabilities), and runc(F25: privilege escalation). openSUSEhas updated libgit2(42.1; SPH for SLE12: two vulnerabilities), openjpeg2(42.1: multiple vulnerabilities), and v8(42.2: code execution). Red Hathas updated java-1.6.0-sun(multiple vulnerabilities), java-1.7.0-oracle(multiple vulnerabilities), and java-1.8.0-oracle(RHEL7&6: multiple vulnerabilities). Slackwarehas updated mariadb(multiple unspecified vulnerabilities). Ubuntuhas updated mysql-5.5, mysql-5.7(multiple unspecified vulnerabilities).
Security updates for Thursday

The Weekly Edition for January 19, 2017 is available.
[$] Weekly Edition for January 19, 2017

Nobody starts a free-software project hoping that it will fail, so it is a rare project indeed that plans for its eventual demise. But not all projects succeed, and a project that doesn't plan for failure risks is doing its users harm. Dan Callahan joined Mozilla to work on the Personaauthentication project, and he was there for its recent shutdown. At the 2017 in Hobart, Tasmania, he used his keynote slot to talk about the lessons that have been learned about designing a project for failure.
[$] Designing for failure

Arch Linuxhas updated webkit2gtk(multiple vulnerabilities). CentOShas updated qemu-kvm(C7: denial of service). Debian-LTShas updated icoutils(multiple vulnerabilities). Fedorahas updated icoutils(F25; F24: three vulnerabilities), mingw-libgsf(F25: denial of service), and php-PHPMailer(F24: three vulnerabilities). openSUSEhas updated bind(42.2, 42.1; 13.2: three denial of service flaws), libgit2(13.2: two vulnerabilities), openjpeg2(13.2: multiple vulnerabilities), pdns(42.2, 42.1, 13.2: multiple vulnerabilities), qemu(42.2: multiple vulnerabilities), and squid(42.2: three vulnerabilities, one from 2014). Oraclehas updated kernel(OL7: three vulnerabilities) and qemu-kvm(OL7: denial of service). Red Hathas updated docker(RHEL7: privilege escalation), docker-latest(RHEL7: privilege escalation), kernel(RHEL7: three vulnerabilities), kernel-rt(RHEL7; RHEMRG2.5: three vulnerabilities), qemu-kvm(RHEL7: denial of service), and runc(RHEL7: privilege escalation). Scientific Linuxhas updated kernel(SL7: three vulnerabilities) and qemu-kvm(SL7: denial of service). SUSEhas updated kernel(SLE12-SP2: multiple vulnerabilities). Ubuntuhas updated nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340(denial of service).
Wednesday's security updates

The Free Software Foundation has reworked its high-priority project listto reflect its view of computing in 2017. See the changelogfor a list of the changes that were made. Among other things, the Gnash flash player has fallen off the list. "Smart phones are the most widely used form of personal computer today. Thus, the need for a fully free phone operating system is crucial to the proliferation of software freedom."
An updated FSF high-priority project list

Arch Linuxhas updated python-crypto(code execution) and python2-crypto(code execution). CentOShas updated bind(C7; C6; C5: denial of service) and bind97(C5: denial of service). Debian-LTShas updated pdns-recursor(code execution). Fedorahas updated bind(F24: three denial of service flaws), bind99(F24: three denial of service flaws), and SimGear(F25: file overwrites). Gentoohas updated file(multiple vulnerabilities), libxml2(multiple vulnerabilities), miniupnpc(denial of service), pidgin(multiple vulnerabilities), vlc(code execution), and xdelta(code execution). openSUSEhas updated ark(42.2, 42.1; SPH for SLE12: code execution), encfs(42.2, 42.1, 13.2: code execution from 2014), gstreamer-0_10-plugins-bad(13.2: code execution), gstreamer-0_10-plugins-base(13.2: code execution), gstreamer-0_10-plugins-good(13.2: multiple vulnerabilities), gstreamer-plugins-bad(42.1; 13.2: three vulnerabilities), gstreamer-plugins-base(42.1; 13.2: code execution), gstreamer-plugins-good(42.1; 13.2: multiple vulnerabilities), icinga(14.2, 14.1: two vulnerabilities), icoutils(42.2; 42.1; 13.2: multiple vulnerabilities), openjpeg2(42.2: multiple vulnerabilities), pcsc-lite(42.2, 42.1, 13.2: privilege escalation), and python-pycrypto(14.2, 14.1, 13.2: denial of service). Oraclehas updated bind(OL7; OL6; OL5: denial of service), bind97(OL5: denial of service), and docker-engine docker-engine-selinux(OL7; OL6: two vulnerabilities). Red Hathas updated kernel(RHEL6.5: code execution). Scientific Linuxhas updated bind(SL7; SL5,6: denial of service) and bind97(SL5: denial of service).
Security advisories for Tuesday

LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability
Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability

OnePlus 3 and 3T CVE-2017-5554 Local Denial of Service Vulnerability
Vuln: OnePlus 3 and 3T CVE-2017-5554 Local Denial of Service Vulnerability

Libimobiledevice Libplist 'plistutil.c' Heap Buffer Overflow Vulnerability
Vuln: Libimobiledevice Libplist 'plistutil.c' Heap Buffer Overflow Vulnerability

Wireshark Multiple Denial of Service Vulnerabilities
Vuln: Wireshark Multiple Denial of Service Vulnerabilities

ESA-2016-150: RSAŽ Security Analytics Reflected Cross-Site Scripting Vulnerability
Bugtraq: ESA-2016-150: RSAŽ Security Analytics Reflected Cross-Site Scripting Vulnerability

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
Bugtraq: ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

Microsoft Remote Desktop Client for Mac Remote Code Execution - Update
Bugtraq: Microsoft Remote Desktop Client for Mac Remote Code Execution - Update

[SECURITY] [DSA 3770-1] mariadb-10.0 security update
Bugtraq: [SECURITY] [DSA 3770-1] mariadb-10.0 security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus