Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
In my previous article, I gave an introduction to the open architecture of RISC-V. This article looks at how I and a small team of Fedorausers ported a large part of the Fedora package set to RISC-V. It was a daunting task, especially when there is no real hardware or existing infrastructure, but we were able to get there in a part-time effort over a year and a half or so. Subscribers can read on for a look at getting Fedora onto RISC-V by guest author Richard W.M. Jones.
[$] Porting Fedora to RISC-V

Some years ago, prominent community leaders doubtedthat even short-term stable maintenance of kernel releases was feasible. More recently, selecting an occasional kernel for a two-year maintenance cycle has become routine, and some kernels, such as 3.2 under the care of Ben Hutchings, have received constant maintenance for as much as six years. But even that sort of extended maintenance is not enough for some use cases, as Yoshitake Kobayashi explained in his Embedded Linux Conference talk. To meet those needs, the Civil Infrastructure Platform (CIP)project is setting out to maintain releases for a minimum of 20 years.
[$] Super long-term kernel support

Stable kernels 4.15.11and 4.14.28have been released. They both contain many fixes throughout the tree and users should upgrade.
Two stable kernels

Security updates have been issued by Arch Linux(firefox, libvorbis, and ntp), Debian(curl, firefox-esr, gitlab, libvorbis, libvorbisidec, openjdk-8, and uwsgi), Fedora(firefox, ImageMagick, kernel, and mailman), Gentoo(adobe-flash, jabberd2, oracle-jdk-bin, and plasma-workspace), Mageia(bugzilla, kernel, leptonica, libtiff, libvorbis, microcode, python-pycrypto, SDL_image, shadow-utils, sharutils, and xerces-c), openSUSE(exempi, firefox, GraphicsMagick, libid3tag, libraw, mariadb, php5, postgresql95, SDL2, SDL2_image, ucode-intel, and xmltooling), Red Hat(firefox), Slackware(firefox and libvorbis), SUSE(microcode_ctl and ucode-intel), and Ubuntu(firefox and php5, php7.0, php7.1).
Security updates for Monday

The 4.16-rc6kernel prepatch is out. "Go test, things are stable and there's no reason to worry, but all the usual reasons to just do a quick build and verification that everything works for everybody. Ok?"
Kernel prepatch 4.16-rc6

Greg Kroah-Hartman has released the 4.9.88, 4.4.122, and 3.18.100stable kernels. As usual, they contain fixes throughout the tree and users of those series should upgrade.
Some weekend stable kernels

Security updates have been issued by CentOS(firefox), Debian(clamav and firefox-esr), openSUSE(Chromium and kernel-firmware), Oracle(firefox), Red Hat(ceph), Scientific Linux(firefox), Slackware(curl), and SUSE(java-1_7_1-ibm and mariadb).
Security updates for Friday

Over on the Red Hat Developer Program blog, David Malcolm describesa number of usability improvements that he has made for the upcoming GCC 8release. Malcolm has made a number of the C/C++ compiler error messages much more helpful, including adding hints for integrated development environments (IDEs) and other tools to suggest fixes for syntax and other kinds of errors. "[...] the code is fine, but, as is common with fragments of code seen on random websites, it?s missing #includedirectives. If you simply copy this into a new file and try to compile it as-is, it fails. This can be frustrating when copying and pasting examples ? off the top of your head, which header files are needed by the above? ? so for gcc 8 I?ve added hints telling you which header files are missing (for the most common cases)."He has various examples showing what the new error messages and hints look like in the blog post.
Malcolm: Usability improvements in GCC 8

Alex Shi's posting of a patch seriesbackporting a set of Meltdown fixes for the arm64 architecture to the 4.9 kernel might seem like a normal exercise in making important security fixes available on older kernels. But this case raised a couple of interesting questions about why this backport should be accepted into the long-term-support kernels ? and a couple of equally interesting answers, one of which was rather better received than the other.
[$] The strange story of the ARM Meltdown-fix backport

Greg Kroah-Hartman has announced the release of the 4.15.10and 4.14.27stable kernels. Each contains a large number of patches throughout the kernel tree; users should upgrade.
Stable kernels 4.15.10 and 4.14.27

Security updates have been issued by Arch Linux(samba), CentOS(389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian(curl, libvirt, and mbedtls), Fedora(advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia(clamav, memcached, php, python-django, and zsh), openSUSE(adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle(kernel and libreoffice), Red Hat(erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux(389-ds-base, kernel, libreoffice, and qemu-kvm), SUSE(xen), and Ubuntu(curl, firefox, linux, linux-raspi2, and linux-hwe).
Security updates for Thursday

The Weekly Edition for March 15, 2018 is available.
[$] Weekly Edition for March 15, 2018

As is often the case, the python-ideas mailing list hosted a discussion about a Python Enhancement Proposal (PEP) recently. In some sense, this particular PEP was created to try to gather together the pros and cons of a feature idea that regularly crops up: statement-local bindings for variable names. But the discussion of the PEP went in enough different directions that it led to calls for an entirely different type of medium in which to have those kinds of discussions.
[$] Discussing PEP 572

Let's Encrypt has announcedthat ACMEv2 (Automated Certificate Management Environment) and wildcard certificate support is live. ACMEv2is an updated version of the ACME protocol that has gone through the IETF standards process. Wildcard certificatesallow you to secure all subdomains of a domain with a single certificate. (Thanks to Alphonse Ogulla)
ACME v2 and Wildcard Certificate Support is Live

GNOME 3.28 has been released. "This release brings a more beautiful font, an improved on-screen keyboard and a new 'Usage' application. Improvements to core GNOME applications include support for favorites in Files and the file chooser, a better month view in the Calendar, support for importing pictures from devices in Photos, and many more."See the release notesfor details.
GNOME 3.28 released

Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities
Vuln: Mozilla Firefox and Firefox ESR Multiple Out of Bounds Write Remote Code Execution Vulnerabilities

Linux Kernel CVE-2017-18232 Local Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-18232 Local Denial of Service Vulnerability

APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
Vuln: APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability

Multiple VMware Products CVE-2018-6957 Denial of Service Vulnerability
Vuln: Multiple VMware Products CVE-2018-6957 Denial of Service Vulnerability

[SECURITY] [DSA 4145-1] gitlab security update
Bugtraq: [SECURITY] [DSA 4145-1] gitlab security update

[slackware-security] libvorbis (SSA:2018-076-01)
Bugtraq: [slackware-security] libvorbis (SSA:2018-076-01)

[SECURITY] [DSA 4144-1] openjdk-8 security update
Bugtraq: [SECURITY] [DSA 4144-1] openjdk-8 security update

[SECURITY] [DSA 4143-1] firefox-esr security update
Bugtraq: [SECURITY] [DSA 4143-1] firefox-esr security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus