Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and you will get a status for the mails found: when the system received the mail, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Security updates have been issued by CentOS (firefox, gnupg2, kernel, python, and qemu-kvm), Debian (389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora (glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia (cantata and flash-player-plugin), openSUSE (exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE (kernel-azure and openssl).
Security updates for Monday

The 4.18-rc5 kernel prepatch has been released. "For some reason this week actually felt very busy, but the rc5 numbers show otherwise. It's all small and calm, and things are progressing nicely."
Kernel prepatch 4.18-rc5

All underutilized systems are essentially the same, but each overutilized system tends to be overloaded in its own way. If one's goal is to maximize the use of the available computing resources, overutilization tends not to be too far away, but when it happens, it can be hard to tell where the problem is. Sometimes, even the fact that there is a problem at all is not immediately apparent. The pressure-stall information patch set from Johannes Weiner may make life easier for system administrators by exposing more information about the real utilization state of the system.
[$] Tracking pressure-stall information

Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).
Security updates for Friday

Python creator and Benevolent Dictator for Life Guido van Rossum has decided, in the wake of the difficult PEP 572 discussion, to step down from his leadership of the project. "Now that PEP 572 is done, I don't ever want to have to fight so hard for a PEP and find that so many people despise my decisions. I would like to remove myself entirely from the decision process. I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available. But I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own."
Guido van Rossum resigns as Python leader

Mounting filesystems is a complicated business. The kernel supports a wide variety of filesystem types, and each has its own, often extensive set of options. As a result, the mount() system call is complex, and the list of mount options is a rather long read. But even with all of that complexity, mount() does not do everything that users would like. For example, the options for a mount operation must all fit within a single 4096-byte page; the fact that this is a problem for some users is illustrative in its own right. The problems with mount() have come up at various meetings, including at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set of patches implementing a new approach is getting closer to being ready, but it features some complexity of its own and there are some remaining concerns about the proposed system-call API.
[$] Six (or seven) new system calls for filesystem mounting

Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).
Security updates for Thursday

The Weekly Edition for July 12, 2018 is available.
[$] Weekly Edition for July 12, 2018

The compromise of the Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo, even if the distribution's own infrastructure were to be compromised.
[$] Signing and distributing Gentoo

Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain important fixes and users should upgrade.
A set of stable kernel updates

A recent query about the status of network security (TLS settings in particular) in Emacs led to a long thread in the emacs-devel mailing list. That thread touched on a number of different areas, including using OpenSSL (or other TLS libraries) rather than GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could change for Emacs so as not to discombobulate users. The latter issue is one that lots of projects struggle with: what kinds of changes are appropriate for a bug-fix release versus a feature release. For Emacs, its lengthy development cycle, coupled with the perceived urgency of security changes, makes that question even more difficult.
[$] Emacs & TLS

Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).
Security updates for Wednesday

Here's a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it's not a part of the Arch distribution itself. "The security investigation shows that shows that a malicious user with the nick name xeactor modified in June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." This thread in the aur-general list shows the timeline of the discovery and response.
Malware found in the Arch Linux AUR repository

In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) is the ugliest of the Meltdown/Spectre set, despite being relatively difficult to exploit. Any given code base could be filled with V1 problems, but they are difficult to find and defend against. Static analysis can help, but the available tools are few, mostly proprietary, and prone to false positives. There is also a lack of efficient, architecture-independent ways of addressing Spectre V1 in user-space code. As a result, only a limited effort (at most) to find and fix Spectre V1 vulnerabilities has been made in most projects. An effort to add some defenses to GCC may help to make this situation better, but it comes at a cost of its own.
[$] Spectre V1 defense in GCC

Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).
Security updates for Tuesday

Vuln: phpMyAdmin PMASA-2017-1 Open Redirection Vulnerability

Vuln: phpMyAdmin PMASA-2017-3 Denial of Service Vulnerability

Vuln: phpMyAdmin PMASA-2017-4 Security Bypass Vulnerability

Vuln: phpMyAdmin PMASA-2017-7 Denial of Service Vulnerability

Bugtraq: [SECURITY] [DSA 4246-1] mailman security update

Bugtraq: [SECURITY] [DSA 4245-1] imagemagick security update

Bugtraq: [SECURITY] [DSA 4244-1] thunderbird security update

Bugtraq: Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus