Wednesday 16 October 2019

Top Ubuntu security announcement software and top CVE packages.

The sudo vulnerability a few days ago made me wonder how many security vulnerabilities these important commands have actually had, and which packages have the most. Ubuntu is the vantage point.



You can download ubuntu-security-announce.mbox here, or use this direct link.

The Python code is at the bottom of this page.

The approach is simply to take the software names listed under "Software Description:" (a section that only exists from 14 April 2011, so 2004 to April 2011 is ignored), count how often each appears, then sort and display them.

This is much more meaningful than counting plain packages: for example, I don't care whether it was the aspell package or the libaspell15 package, I only want to know the total number of times the aspell software appears. Version numbers are still kept separate, though.

Because this is the archive, it includes CVE-2014-0160 Heartbleed. The drawback is that it does not include third-party software such as chromium-browser. Also, this is per announcement; sometimes several vulnerabilities are fixed in the same announcement (especially for the kernel), so this is only a rough estimate, not a per-vulnerability count, but it is still enough for a glimpse of the big picture. The Summary usually says "Several security issues were fixed in xxx".
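The counting procedure described above, as an added Python example (not the script at the bottom of the author's page): it reads the mbox with the standard library, decodes quoted-printable bodies so that "=2D" and soft-wrapped descriptions come out intact, keeps only notices dated from 14 April 2011, and counts per software name. The embedded mbox and its USN numbers are constructed sample data.

```python
import mailbox
import tempfile
from collections import Counter
from datetime import date
from email.utils import parsedate_to_datetime

# "Software Description:" only appears in notices from 14 April 2011 onwards.
CUTOFF = date(2011, 4, 14)

# Constructed sample mbox, not real USN mail: one pre-cutoff notice and two quoted-printable
# ones; the last has a soft line break ("=" + newline) inside a description.
SAMPLE_MBOX = """From ubuntu-security-announce@lists.ubuntu.com Wed Jun  1 12:00:00 2005
Date: Wed, 01 Jun 2005 12:00:00 +0000

Software Description:
- old-package: must be ignored, dated before 2011-04-14

From ubuntu-security-announce@lists.ubuntu.com Mon Apr 18 09:00:00 2011
Date: Mon, 18 Apr 2011 09:00:00 +0000
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
=2D linux: Linux kernel
=2D linux-ec2: Linux kernel for EC2

Details:

From ubuntu-security-announce@lists.ubuntu.com Mon Oct 14 18:00:00 2019
Date: Mon, 14 Oct 2019 18:00:00 +0000
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Software Description:
=2D linux: Linux kernel
=2D net-snmp: SNMP (Simple Network Management Protocol) server and applicat=
ions
=2D sudo: Provide limited super user privileges to specific users
"""


def message_text(msg):
    """Decoded text/plain body: undoes quoted-printable, rejoins soft line breaks."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = [p.get_payload(decode=True) for p in parts if p.get_content_type() == "text/plain"]
    return "\n".join(c.decode("utf-8", "replace") for c in chunks if c is not None)


def software_entries(body):
    """The '- name: description' lines listed under 'Software Description:'."""
    entries, in_section = [], False
    for line in body.splitlines():
        if line.strip() == "Software Description:":
            in_section = True
        elif in_section and line.startswith("- "):
            entries.append(line[2:].strip())
        elif in_section and line.strip() and not line[0].isspace():
            in_section = False  # the next heading (e.g. "Details:") ends the list
    return entries


def message_date(msg):
    try:
        return parsedate_to_datetime(msg["Date"]).date()
    except (TypeError, ValueError):
        return None  # missing or unparsable Date header


def count_software(mbox_path, cutoff=CUTOFF):
    """Notices per software name (not per CVE), keeping the first description seen."""
    counts, descriptions = Counter(), {}
    for msg in mailbox.mbox(mbox_path):
        when = message_date(msg)
        if when is None or when < cutoff:
            continue  # older notices have no "Software Description:" section
        for entry in software_entries(message_text(msg)):
            name, _, desc = entry.partition(":")
            counts[name.strip()] += 1
            descriptions.setdefault(name.strip(), desc.strip())
    return counts, descriptions


def format_report(counts, descriptions):
    """Lines like '593 - linux: Linux kernel', most notices first."""
    ordered = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]), reverse=True)
    return [f"{n} - {name}: {descriptions[name]}" for name, n in ordered]


def write_sample_mbox():
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False, encoding="utf-8") as f:
        f.write(SAMPLE_MBOX)
    return f.name


if __name__ == "__main__":
    print("\n".join(format_report(*count_software(write_sample_mbox()))))
```

Point `count_software` at the downloaded ubuntu-security-announce.mbox to reproduce the table below.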

xb@dnxb:~/Downloads$ python ubuntu-security-announce.py
593 - linux: Linux kernel
148 - linux-ti-omap4: Linux kernel for OMAP4
143 - linux-raspi2: Linux kernel for Raspberry Pi 2
141 - firefox: Mozilla Open Source web browser
107 - linux-aws: Linux kernel for Amazon Web Services (AWS) systems
94 - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM
80 - thunderbird: Mozilla Open Source mail and newsgroup client
69 - linux-kvm: Linux kernel for cloud environments
68 - linux-snapdragon: Linux kernel for Snapdragon processors
65 - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
61 - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
61 - linux-hwe: Linux hardware enablement (HWE) kernel
57 - linux-azure: Linux kernel for Microsoft Azure Cloud systems
51 - linux-ec2: Linux kernel for EC2
50 - php5: HTML-embedded scripting language interpreter
48 - samba: SMB/CIFS file, print, and login server for Unix
43 - openssl: Secure Socket Layer (SSL) cryptographic library and tools
39 - bind9: Internet Domain Name Server
38 - linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty
37 - oxide-qt: Web browser engine for Qt (QML plugin)
36 - clamav: Anti-virus utility for Unix
35 - mysql-5.5: MySQL database
35 - curl: HTTP, HTTPS, and FTP client and client libraries
34 - openjdk-7: Open Source Java implementation
32 - nss: Network Security Service library
30 - python-django: High-level Python web development framework
29 - qemu: Machine emulator and virtualizer
29 - linux-oem: Linux kernel for OEM processors
28 - openjdk-6: Open Source Java implementation
28 - linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty
28 - linux-lts-quantal: Linux hardware enablement kernel from Quantal
27 - apache2: Apache HTTP server
24 - webkit2gtk: Web content engine library for GTK+
24 - libxml2: GNOME XML library
22 - qemu-kvm: Machine emulator and virtualizer
22 - nova: OpenStack Compute cloud infrastructure =2D cups: Common UNIX Printing System(tm)
21 - linux-lts-backport-oneiric: Linux kernel backport from Oneiric
21 - libreoffice: Office productivity suite
20 - tiff: Tag Image File Format (TIFF) library
20 - ghostscript: PostScript and PDF interpreter
20 - eglibc: GNU C Library
19 - linux-lts-raring: Linux hardware enablement kernel from Raring
19 - libvirt: Libvirt virtualization toolkit
18 - linux-gke: Linux kernel for Google Container Engine (GKE) systems
18 - dovecot: IMAP and POP3 email server
17 - imagemagick: Image manipulation programs and library
17 - apt: Advanced front-end for dpkg
16 - puppet: Centralized configuration management
16 - openjdk-8: Open Source Java implementation
16 - mysql-5.7: MySQL database
16 - linux-oracle: Linux kernel for Oracle Cloud systems
16 - libav: Multimedia player, server, encoder and transcoder
15 - ruby1.9.1: Object-oriented scripting language
15 - linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty
15 - apport: automatically generate crash reports for debugging
14 - ubufox: Ubuntu Firefox specific configuration defaults and apt support
14 - tomcat7: Servlet and JSP engine
14 - systemd: system and service manager
14 - perl: Practical Extraction and Report Language
14 - keystone: OpenStack identity service
14 - freetype: FreeType 2 is a font engine library
14 - exim4: Exim is a mail transport agent
13 - xorg-server: X.Org X11 server
13 - tomcat6: Servlet and JSP engine
13 - python2.7: An interactive high-level object-oriented language
13 - php7.0: HTML-embedded scripting language interpreter
13 - linux-lts-saucy: Linux hardware enablement kernel from Saucy
13 - icu: International Components for Unicode library
13 - gnutls26: GNU TLS library
13 - gnupg: GNU privacy guard - a free PGP replacement
13 - cups: Common UNIX Printing System(tm)
12 - poppler: PDF rendering library
12 - openssh: secure shell (SSH) for secure access to remote machines
12 - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
12 - glibc: GNU C Library
11 - wpa: client support for WPA and WPA2
11 - squid3: Web proxy cache server
11 - postgresql-9.1: Object-relational SQL database
11 - linux-mvl-dove: Linux kernel for DOVE
11 - linux-lts-backport-natty: Linux kernel backport from Natty
11 - icedtea-web: A web browser plugin to execute Java applets
10 - xulrunner-1.9.2: Mozilla Gecko runtime environment
10 - spice: SPICE protocol client and server library
10 - postgresql-9.3: Object-relational SQL database
10 - mysql-dfsg-5.1: MySQL database
10 - libgd2: GD Graphics Library
10 - git: fast, scalable, distributed revision control system
10 - expat: XML parsing C library
10 - dbus: simple interprocess messaging system
9 - lxc: Linux Containers userspace tools
9 - linux-lts-backport-maverick: Linux kernel backport from Maverick
9 - libgcrypt11: LGPL Crypto library
9 - irssi: terminal based IRC client
9 - file: Tool to determine file types
9 - bash: GNU Bourne Again SHell
8 - wget: retrieves files from the web
8 - tomcat8: Servlet and JSP engine
8 - sudo: Provide limited super user privileges to specific users
8 - subversion: Advanced version control system
8 - ruby1.8: Object-oriented scripting language
8 - quagga: BGP/OSPF/RIP routing daemon
8 - postgresql-9.5: Object-relational SQL database
8 - postgresql-8.4: Object-relational SQL database
8 - policykit-1: framework for managing administrative policies and privileges
8 - pidgin: graphical multi-protocol instant messaging client for X
8 - openjdk-lts: Open Source Java implementation
8 - ntp: Network Time Protocol daemon and utility programs
8 - nginx: small, powerful, scalable web/proxy server
8 - linux-fsl-imx51: Linux kernel for IMX51
8 - libssh: A tiny C SSH library
8 - libpng: PNG (Portable Network Graphics) file library
8 - libarchive: Library to read/write archive files
8 - kde4libs: KDE 4 core applications and libraries
8 - isc-dhcp: DHCP server and client
8 - gnupg2: GNU privacy guard - a free PGP replacement
8 - glance: OpenStack Image Registry and Delivery Service
7 - strongswan: IPsec VPN solution
7 - rsync: fast, versatile, remote (and local) file-copying tool
7 - php7.2: HTML-embedded scripting language interpreter
7 - openldap: OpenLDAP utilities
7 - mysql-5.1: MySQL database
7 - lightdm: Display Manager
7 - libtasn1-6: Library to manage ASN.1 structures
7 - libraw: raw image decoder library
7 - krb5: MIT Kerberos Network Authentication Protocol
7 - intel-microcode: Processor microcode for Intel CPUs
7 - haproxy: fast and reliable load balancing reverse proxy
7 - gnutls28: GNU TLS library
7 - glib2.0: GLib Input, Output and Streaming Library (fam module)
7 - gimp: The GNU Image Manipulation Program
7 - cups-filters: OpenPrinting CUPS Filters
6 - swift: OpenStack distributed virtual object store
6 - ruby2.0: Object-oriented scripting language
6 - qt4-x11: Qt 4 libraries
6 - python3.4: An interactive high-level object-oriented language
6 - python3.2: An interactive high-level object-oriented language
6 - python-crypto: cryptographic algorithms and protocols for Python
6 - postgresql-8.3: Object-relational SQL database
6 - pam: Pluggable Authentication Modules
6 - nvidia-graphics-drivers-304: NVIDIA binary X.Org driver
6 - nspr: NetScape Portable Runtime Library
6 - net-snmp: SNMP (Simple Network Management Protocol) server and applications
6 - mutt: text-based mailreader supporting MIME, GPG, PGP and threading
6 - mozvoikko: Finnish spell-checker extension for Firefox
6 - miniupnpc: UPnP IGD client lightweight library
6 - memcached: high-performance memory object caching system
6 - libxfont: X11 font rasterisation library
6 - libtasn1-3: Library to manage ASN.1 structures
6 - libgcrypt20: LGPL Crypto library
6 - jasper: Library for manipulating JPEG-2000 files
6 - horizon: Web interface for OpenStack cloud infrastructure
6 - gdk-pixbuf: GDK Pixbuf library
6 - ffmpeg: Tools for transcoding, streaming and playing of multimedia files
6 - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
6 - cinder: OpenStack storage service
6 - apparmor: Linux security system
5 - unity-firefox-extension: Unity Integration for Firefox
5 - tcpdump: command-line network traffic analyzer
5 - ruby2.3: Object-oriented scripting language
5 - python3.5: An interactive high-level object-oriented language
5 - postgresql-10: Object-relational SQL database
5 - patch: Apply a diff file to an original
5 - paramiko: Python SSH2 library
5 - openvpn: virtual private network software
5 - openjdk-6b18: Open Source Java implementation
5 - nvidia-graphics-drivers-340: NVIDIA binary X.Org driver
5 - neutron: OpenStack Virtual Network Service
5 - mysql-5.6: MySQL database
5 - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
5 - libxslt: XSLT processing library
5 - libsoup2.4: HTTP client/server library for GNOME
5 - freeradius: high-performance and highly configurable RADIUS server
5 - evince: Document viewer
5 - ecryptfs-utils: eCryptfs cryptographic filesystem utilities
5 - dpkg: Debian package management system
5 - devscripts: scripts to make the life of a Debian Package maintainer easier
5 - ca-certificates: Common CA certificates
5 - bzip2: high-quality block-sorting file compressor - utilities
4 - xorg-server-hwe-16.04: X.Org X11 server
4 - wavpack: audio codec (lossy and lossless) - encoder and decoder
4 - update-manager: GNOME application that manages apt updates
4 - unzip: De-archiver for .zip files
4 - transmission: lightweight BitTorrent client
4 - requests: elegant and simple HTTP library for Python
4 - postgresql-9.6: Object-relational SQL database
4 - postgresql-9.4: Object-relational SQL database
4 - pixman: pixel-manipulation library for X and cairo
4 - ntfs-3g: read/write NTFS driver for FUSE
4 - network-manager: Network connection manager
4 - munin: Network-wide graphing framework
4 - moin: Collaborative hypertext environment
4 - linux-euclid: Linux kernel for Intel Euclid systems
4 - libyaml: Fast YAML 1.1 parser and emitter library
4 - libx11: X11 client-side library
4 - libvncserver: vnc server library
4 - libsndfile: Library for reading/writing audio files
4 - libmspack: library for Microsoft compression formats
4 - lcms2: Little CMS color management library
4 - hplip: HP Linux Printing and Imaging System (HPLIP)
4 - evolution-data-server: Evolution suite data server
4 - elfutils: collection of utilities to handle ELF objects
3 - zsh: shell with lots of features
3 - xorg-server-lts-xenial: X.Org X11 server
3 - xorg-server-lts-trusty: X.Org X11 server
3 - wpasupplicant: client support for WPA and WPA2
3 - webkit: Web content engine library for GTK+
3 - webfav: Firefox extension for saving web favorites (bookmarks)
3 - w3m: WWW browsable pager with excellent tables/frames support
3 - vino: VNC server for GNOME
3 - usb-creator: create a startup disk using a CD or disc image
3 - unity: Interface designed for efficiency of space and interaction.
3 - unbound: validating, recursive, caching DNS resolver
3 - squid: Web proxy cache server
3 - sqlite3: C library that implements an SQL database engine
3 - spamassassin: Perl-based spam filter using text analysis
3 - software-properties: manage the repositories that you install software from
3 - shadow: system login tools
3 - rsyslog: Enhanced syslogd
3 - rpm: package manager for RPM
3 - qtbase-opensource-src: Qt 5 libraries
3 - python2.6: An interactive high-level object-oriented language
3 - python-imaging: Python Imaging Library
3 - procps: /proc file system utilities
3 - procmail: Versatile e-mail processor
3 - ppp: Point-to-Point Protocol (PPP)
3 - postgresql-11: Object-relational SQL database
3 - pollinate: seed the pseudo random number generator in virtual machines
3 - openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools
3 - openslp-dfsg: Service Location Protocol library
3 - nvidia-graphics-drivers: NVIDIA binary Xorg driver
3 - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver
3 - nvidia-graphics-drivers-384: NVIDIA binary X.Org driver
3 - nvidia-graphics-drivers-375: NVIDIA binary X.Org driver
3 - nvidia-graphics-drivers-304-updates: NVIDIA binary X.Org driver
3 - nagios3: host/service/network monitoring and management system
3 - mysql-dfsg-5.0: MySQL database
3 - mesa: free implementation of the EGL API
3 - mailman: Powerful, web-based mailing list manager
3 - maas: Ubuntu MAAS Server
3 - lxml: pythonic binding for the libxml2 and libxslt libraries
3 - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
3 - libxcursor: X11 cursor management library
3 - libvorbis: The Vorbis General Audio Compression Codec
3 - libotr: Off-the-Record Messaging library
3 - liblouis: Braille translation library - utilities
3 - libjpeg-turbo: library for handling JPEG files
3 - libidn: implementation of IETF IDN specifications
3 - jinja2: small but fast and easy to use stand-alone template engine
3 - gtk+3.0: GTK+ graphical user interface library
3 - gst-plugins-good1.0: GStreamer plugins
3 - gst-plugins-good0.10: GStreamer plugins
3 - graphite2: Font rendering engine for Complex Scripts
3 - freerdp: RDP client for Windows Terminal Services
3 - foomatic-filters: OpenPrinting printer support - filters
3 - file-roller: archive manager for GNOME
3 - exiv2: EXIF/IPTC/XMP metadata manipulation tool
3 - e2fsprogs: ext2/ext3/ext4 file system utilities
3 - dhcp3: DHCP server and client
3 - ceph: distributed storage and file system
3 - batik: SVG Library
3 - audiofile: Open-source version of the SGI audiofile library
3 - aptdaemon: transaction based package management service
3 - advancecomp: collection of recompression utilities
2 - zziplib: library providing read access on ZIP-archives - library
2 - znc: advanced modular IRC bouncer
2 - xorg-server-lts-quantal: X.Org X11 server
2 - xmlrpc-c: Lightweight RPC library based on XML and HTTP
2 - wireshark: network traffic analyzer
2 - vlc: multimedia player and streamer
2 - vim: Vi IMproved - enhanced vi editor
2 - unity-2d: Unity interface for non-accelerated graphics cards
2 - udisks2: service to access and manipulate storage devices
2 - ubuntuone-client: Ubuntu One client
2 - ubuntu-release-upgrader: manage release upgrades
2 - texlive-bin: TeX Live: path search library for TeX (development part)
2 - t1lib: Type 1 font rasterizer library - runtime
2 - spice-protocol: SPICE protocol headers
2 - sox: Swiss army knife of sound processing
2 - snapd: Daemon and tooling that enable snap packages
2 - simplestreams: Library and tools for using Simple Streams data
2 - ruby2.1: Object-oriented scripting language
2 - rtmpdump: small dumper for media content streamed over the RTMP protocol
2 - quassel: KDE/Qt-based IRC client
2 - python3.7: An interactive high-level object-oriented language
2 - python3.6: An interactive high-level object-oriented language
2 - python3.3: An interactive high-level object-oriented language
2 - python3.1: An interactive high-level object-oriented language (version 3.1)
2 - python-urllib3: HTTP library with thread-safe connection pooling for Python
2 - python-pysaml2: Pure python implementation of SAML2
2 - python-keystoneclient: Client library for OpenStack Identity API
2 - python-httplib2: comprehensive HTTP client library written for Python
2 - python-cryptography: Cryptography Python library
2 - pyopenssl: Python wrapper around the OpenSSL library
2 - postgresql-common: PostgreSQL database-cluster manager
2 - postfix: High-performance mail transport agent
2 - pillow: Python Imaging Library
2 - php7.1: HTML-embedded scripting language interpreter
2 - pcsc-lite: Middleware to access a smart card using PC/SC
2 - pcre3: Perl 5 Compatible Regular Expression Library
2 - pango1.0: Layout and rendering of internationalized text - gir bindings
2 - pacemaker: Cluster resource manager
2 - optipng: advanced PNG (Portable Network Graphics) optimizer
2 - openvswitch: Ethernet virtual switch
2 - openoffice.org: Office productivity suite
2 - nvidia-graphics-drivers-340-updates: NVIDIA binary X.Org driver
2 - nvidia-graphics-drivers-173: NVIDIA binary Xorg driver
2 - nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver
2 - network-manager-applet: GNOME frontend for NetworkManager
2 - nettle: low level cryptographic library (public-key cryptos)
2 - nbd: Network Block Device protocol
2 - mozjs52: SpiderMonkey JavaScript library
2 - mosquitto: MQTT version 3.1/3.1.1 compatible message broker
2 - mono: Mono is a platform for running and developing applications
2 - mod-wsgi: Python WSGI adapter module for Apache
2 - mariadb-10.1: MariaDB database
2 - lxd: Container hypervisor based on LXC
2 - libytnef: improved decoder for application/ms-tnef attachments
2 - libyaml-libyaml-perl: Perl interface to libyaml, a YAML implementation
2 - libxrender: X11 Rendering Extension client library
2 - libxml-libxml-perl: Perl interface to the libxml2 library
2 - libxkbcommon: library interface to the XKB compiler - development files
2 - libxfont2: X11 font rasterisation library
2 - libxfont1: X11 font rasterisation library
2 - libtirpc: transport-independent RPC library - development files
2 - libseccomp: library for working with the Linux seccomp filter
2 - librsvg: renderer library for SVG files
2 - libpng1.6: PNG (Portable Network Graphics) file library
2 - libnl3: library for dealing with netlink sockets
2 - libmodule-signature-perl: module to manipulate CPAN SIGNATURE files
2 - libmodplug: Library for mod music based on ModPlug
2 - libksba: X.509 and CMS support library
2 - libkdcraw: RAW picture decoding library
2 - libimobiledevice: Library for communicating with iPhone and iPod Touch devices
2 - libgc: Boehm-Demers-Weiser garbage collecting storage allocator library
2 - libgadu: Gadu-Gadu protocol library
2 - libffi: Foreign Function Interface library (development files, 32bit)
2 - libevent: Asynchronous event notification library
2 - libcaca: text mode graphics utilities
2 - libarchive-zip-perl: Perl module for manipulation of ZIP archives
2 - libapache2-mod-perl2: Integration of perl with the Apache2 web server
2 - lftp: Sophisticated command-line FTP/HTTP client programs
2 - ldb: LDAP-like embedded database - tools
2 - language-selector: Language selector for Ubuntu
2 - keepalived: Failover and monitoring daemon for LVS clusters
2 - jockey: user interface and desktop integration for driver management
2 - ipsec-tools: IPsec tools for Linux
2 - icoutils: Create and extract MS Windows icons and cursors
2 - ibus: Intelligent Input Bus - core
2 - heimdal: Heimdal Kerberos Network Authentication Protocol
2 - gvfs: Userspace virtual filesystem
2 - gst-plugins-base1.0: GStreamer plugins
2 - gst-plugins-base0.10: GStreamer plugins
2 - graphviz: rich set of graph drawing tools
2 - gnutls13: GNU TLS library
2 - gettext: GNU Internationalization utilities
2 - gdm3: GNOME Display Manager
2 - eog: Eye of GNOME graphics viewer program
2 - dpdk: set of libraries for fast packet processing
2 - docker.io: Linux container runtime
2 - dbus-glib: simple interprocess messaging system
2 - cyrus-sasl2: Cyrus Simple Authentication and Security Layer
2 - cvs: Concurrent Versions System
2 - cupsys: Common UNIX Printing System(tm)
2 - cpio: a tool to manage archives of files
2 - ca-certificates-java: Common CA certificates (JKS keystore)
2 - c-ares: library for asynchronous name resolution
2 - bzr: easy to use distributed version control system
2 - backuppc: high-performance, enterprise-grade system for backing up PCs
2 - amd64-microcode: Processor microcode firmware for AMD CPUs
2 - acpid: Advanced Configuration and Power Interface daemon
2 - accountsservice: query and manipulate user account information
1 - zipios++: small C++ library for reading zip files (development)
1 - zeromq3: lightweight messaging kernel
1 - xulrunner-1.9.1: XUL + XPCOM application runner
1 - xserver-xorg-video-qxl: X.Org X server -- QXL display driver
1 - xserver-xorg-video-openchrome: X.Org X server -- VIA display driver
1 - xserver-xorg-video-openchrome-lts-quantal: X.Org X server -- VIA display driver
1 - xscreensaver: Automatic screensaver for X
1 - xorg: X.Org X Window System
1 - xorg-server-lts-utopic: X.Org X11 server
1 - xorg-server-lts-raring: X.Org X11 server
1 - xmltooling: C++ XML parsing library with encryption support
1 - xmlrpc-epi: a XML-RPC request library
1 - xdiagnose: X.org diagnosis tool
1 - xdg-utils: desktop integration utilities from freedesktop.org
1 - xdelta3: Diff utility which works with binary files
1 - xchat-gnome: simple and featureful IRC client for GNOME
1 - xapian-core: Development files for Xapian search engine library
1 - whoopsie: Ubuntu error tracker submission
1 - webkitgtk: Web content engine library for GTK+
1 - webapps-greasemonkey: Firefox extension: Website Integration
1 - webaccounts-browser-extension: Ubuntu Online Accounts extension for chromium
1 - web2py: High-level Python web development framework
1 - wayland: Wayland compositor infrastructure
1 - walinuxagent: Windows Azure Linux Agent
1 - vsftpd: FTP server written for security
1 - vcftools: Collection of tools to work with VCF files
1 - valgrind: instrumentation framework for building dynamic analysis tools
1 - usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
1 - update-notifier: Daemon which notifies about package updates
1 - unity-settings-daemon: daemon handling the Unity session settings
1 - unattended-upgrades: automatic installation of security upgrades
1 - udisks: service to access and manipulate storage devices
1 - ubuntuone-storage-protocol: Python library for Ubuntu One file storage and sharing service
1 - ubuntuone-couch: Ubuntu One CouchDB
1 - ubuntu-system-service: Dbus service to set various system-wide configurations
1 - ubuntu-sso-client: Ubuntu Single Sign-On client
1 - ubuntu-core-launcher: Snap application launcher
1 - ubiquity-slideshow-ubuntu: Ubiquity slideshow for Ubuntu
1 - txt2man: Converts flat ASCII text to man page format
1 - twisted: Event-based framework for internet applications
1 - transfig: Utilities for converting XFig figure files
1 - tracker: metadata database, indexer and search tool
1 - tomcat9: Servlet and JSP engine
1 - tmpreaper: cleans up files in directories based on their age
1 - tidy: HTML syntax checker and reformatter
1 - tgt: Linux SCSI target user-space tools
1 - texlive-base: TeX Live: Essential programs and files
1 - telepathy-idle: IRC connection manager for Telepathy
1 - telepathy-gabble: Jabber/XMPP connection manager
1 - tcpflow: TCP flow recorder
1 - tar: GNU version of the tar archiving utility
1 - t1utils: Collection of simple Type 1 font manipulation programs
1 - systemd-shim: shim for systemd
1 - system-config-printer: Python modules for printer configuration with CUPS
1 - suds: Lightweight SOAP client for Python
1 - sosreport: Set of tools to gather troubleshooting data from a system
1 - software-center: Utility for browsing, installing, and removing software
1 - sigil: multi-platform ebook editor
1 - shotwell: digital photo organizer
1 - sharutils: shar, unshar, uuencode, uudecode
1 - serf: high-performance asynchronous HTTP client library
1 - sensible-utils: Utilities for sensible alternative selection
1 - screen: terminal multiplexer with VT100/ANSI terminal emulation
1 - screen-resolution-extra: Extension for the GNOME screen resolution applet
1 - rubygems: package management framework for Ruby libraries/applications
1 - ruby-rack: modular Ruby webserver interface
1 - rtkit: Realtime Policy and Watchdog Daemon
1 - rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist
1 - rpcbind: converts RPC program numbers into universal addresses
1 - rhythmbox: music player and organizer for GNOME
1 - remote-login-service: Service to track the remote servers to use
1 - redis: Persistent key-value database with network interface
1 - rdesktop: RDP client for Windows NT/2000 Terminal Server
1 - raptor: Raptor RDF parser and serializer library
1 - raptor2: Raptor 2 RDF syntax library
1 - rampart: Apache web services security engine
1 - radvd: Router Advertisement Daemon
1 - rabbitmq-server: AMQP server written in Erlang
1 - quantum: OpenStack Virtual Network Service
1 - qpdf: tools for transforming and inspecting PDF files
1 - pyyaml: YAML parser and emitter for Python
1 - python2.5: An interactive high-level object-oriented language (version 2.5)
1 - python2.4: An interactive high-level object-oriented language (version 2.4)
1 - python-werkzeug: collection of utilities for WSGI applications
1 - python-pycadf: implementation of DMTF Cloud Audit (CADF) data model
1 - python-pam: A Python interface to the PAM library
1 - python-oslo.middleware: WSGI middleware components for OpenStack
1 - python-keystonemiddleware: Client library for OpenStack Identity API
1 - python-keyring: store and access your passwords safely
1 - python-gnupg: Python wrapper for the GNU Privacy Guard
1 - python-glanceclient: Client library for Openstack glance server.
1 - python-dbusmock: mock D-Bus objects for tests
1 - pymongo: Python interface to the MongoDB document-oriented database
1 - pyjwt: Python implementation of JSON Web Token
1 - pygments: syntax highlighting package written in Python
1 - policykit-desktop-privileges: run common desktop actions without password
1 - php-pear: PHP Extension and Application Repository
1 - pam-xdg-support: PAM module for XDG_RUNTIME_DIR support
1 - packagekit: Provides a package management service
1 - p7zip: 7z file archiver with high compression ratio
1 - oxygen-gtk3: Oxygen widget theme for GTK3-based applications
1 - oprofile: System-wide profiler for Linux systems
1 - openslp: OpenSLP is an implementation of the Service Location Protocol
1 - openjpeg2: JPEG 2000 image compression/decompression library
1 - openexr: command-line tools for the OpenEXR image format
1 - open-iscsi: Open Source iSCSI implementation
1 - octavia: OpenStack Load Balancer Service
1 - ocaml: ML language implementation with a class-based object system
1 - nvidia-settings: Tool for configuring the NVIDIA graphics driver
1 - nvidia-settings-updates: Tool for configuring the NVIDIA graphics driver
1 - nvidia-graphics-drivers-390: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-367: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-352: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-352-updates: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-346: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-346-updates: NVIDIA binary X.Org driver
1 - nvidia-graphics-drivers-331: NVIDIA binary Xorg driver
1 - nvidia-graphics-drivers-331-updates: NVIDIA binary Xorg driver
1 - nut: Network UPS tools
1 - nova-lxd: Openstack Compute - LXD container hypervisor support
1 - node-fstream: Advanced filesystem streaming tools for Node.js
1 - nltk: Python libraries for natural language processing
1 - neovim: heavily refactored vim fork
1 - nasm: General-purpose x86 assembler
1 - nas: Network Audio System
1 - mozilla-devscripts: Collection of dev scripts used by Ubuntu Mozilla packages
1 - mountall: filesystem mounting tool
1 - monit: utility for monitoring and managing daemons or similar programs
1 - modemmanager: Modem connection manager
1 - mime-support: MIME support programs
1 - mesa-lts-quantal: free implementation of the EGL API
1 - mercurial: easy-to-use, scalable distributed version control system
1 - mariadb-5.5: MariaDB database
1 - mariadb-10.3: MariaDB database
1 - lzo2: data compression library
1 - lynx-cur: Text-mode WWW Browser with NLS support
1 - lxcfs: FUSE based filesystem for LXC
1 - lua5.3: Simple, extensible, embeddable programming language
1 - lua5.1: Simple, extensible, embeddable programming language
1 - logrotate: Log rotation utility
1 - linux-source-2.6.15: Linux kernel
1 - linux-meta:
1 - linux-meta-hwe:
1 - linux-firmware: Firmware for Linux kernel drivers
1 - lintian: Debian package checker
1 - likewise-open: Authentication services for Active Directory domains
1 - libzstd: fast lossless compression algorithm -- development files
1 - libxxf86vm: X11 XFree86 video mode extension library
1 - libxxf86dga: X11 Direct Graphics Access extension library
1 - libxvmc: X11 Video extension library
1 - libxv: X11 Video extension library
1 - libxtst: X11 Record extension library
1 - libxt: X11 toolkit intrinsics library
1 - libxres: X11 Resource extension library
1 - libxrandr: X11 RandR extension library
1 - libxrandr-lts-quantal: X11 RandR extension library
1 - libxpm: X11 pixmap library
1 - libxp: X Printing Extension (Xprint) client library
1 - libxml-security-java: implementation of security standards for XML
1 - libxinerama: X11 Xinerama extension library
1 - libxi: X11 Input extension library
1 - libxfixes: X11 miscellaneous fixes extension library
1 - libxext: X11 miscellaneous extensions library
1 - libxcb: X C Binding
1 - libxalan2-java: XSL Transformations (XSLT) processor in Java
1 - libwmf: Windows metafile conversion tools
1 - libvoikko: Library of Finnish language tools
1 - libvdpau: Video Decode and Presentation API for Unix
1 - libusbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
1 - libunity-webapps: UnityWebapps library
1 - libsolv: A dependency solver using a satisfiablility algorithm
1 - libsdl2: Simple DirectMedia Layer: cross-platform development library providing access to low level media interfaces
1 - libsdl1.2: Simple DirectMedia Layer
1 - libreoffice-l10n: Office productivity suite help
1 - librelp: Reliable Event Logging Protocol (RELP) library
1 - libproxy: automatic proxy configuration management library
1 - libndp: Library for Neighbor Discovery Protocol
1 - libmysofa: library to read HRTFs stored in the AES69-2015 SOFA format
1 - libmwaw: import library for some old Mac text documents
1 - libmediainfo: library reading metadata from media files
1 - liblwp-protocol-https-perl: HTTPS driver for LWP::UserAgent
1 - libjpeg6b: library for handling JPEG files
1 - libidn2-0: Internationalized domain names (IDNA2008) library
1 - libiberty: library of utility functions used by GNU programs
1 - libgssglue: header files and docs for libgssglue
1 - libgdata: Library to access GData services
1 - libfs: X11 Font Services library
1 - libexif: library to parse EXIF files
1 - libebml: library for the EBML format
1 - libdmx: X11 Distributed Multihead extension library
1 - libdbd-mysql-perl: Perl5 database interface to the MySQL database
1 - libconfig-inifiles-perl: Perl module for working with INI configuration files
1 - libcommons-fileupload-java: File upload capability for servlets and web
1 - libapache2-mod-auth-mellon: SAML 2.0 authentication module for Apache
1 - ldns: ldns library for DNS programming
1 - ldm: LTSP display manager
1 - lcms: Little CMS color management library utilities
1 - konversation: Internet Relay Chat (IRC) client for KDE
1 - koffice: KDE Office Suite
1 - kdeutils: KDE general-purpose utilities
1 - kdepimlibs: the KDE PIM libraries
1 - kdepim: Personal Information Management apps
1 - kdenetwork: networking applications for KDE 4
1 - kde-workspace: KDE Plasma Workspace components
1 - kde-runtime: runtime components from the official KDE release
1 - kconfig: configuration settings framework for Qt
1 - juju-core: next generation service orchestration system
1 - json-c: JSON manipulation library
1 - jquery: JavaScript library for dynamic web applications
1 - jetty: Java servlet engine and webserver
1 - jbigkit: JBIG1 data compression library
1 - jbig2dec: JBIG2 decoder library
1 - jakarta-taglibs-standard: Implementation of JSP Standard Tag Library (J STL)
1 - iucode-tool: Intel processor microcode tool
1 - inkscape: vector-based drawing program
1 - initramfs-tools: tools for generating an initramfs
1 - indicator-datetime: Simple clock
1 - imlib2: Image manipulation and rendering library
1 - heat: OpenStack Orchestration Service
1 - harfbuzz: OpenType text shaping engine
1 - gunicorn: Python HTTP/WSGI server
1 - gtk-vnc: VNC viewer widget
1 - gtk+2.0: GTK+ graphical user interface library
1 - gsettings-desktop-schemas: GSettings desktop-wide schemas
1 - grub2: GRand Unified Bootloader
1 - gpsd: Global Positioning System - daemon
1 - gpgme1.0: GPGME - GnuPG Made Easy (library)
1 - gparted: GNOME partition editor
1 - gpac: GPAC Project on Advanced Content
1 - golang-github-docker-docker-credential-helpers: Use native stores to sa feguard Docker credentials
1 - gnome-shell: graphical shell for the GNOME desktop
1 - gnome-screensaver: GNOME screen saver and locker
1 - gnome-online-accounts: GNOME Online Accounts
1 - gnome-keyring: GNOME keyring services
1 - gnome-desktop3: Introspection data for GnomeDesktop
1 - gnome-bluetooth: GNOME Bluetooth tools
1 - glib-networking: network-related giomodules for GLib
1 - giflib: library for GIF images (utilities)
1 - gdm: GNOME Display Manager
1 - gdm-guest-session: gdm extension for guest session
1 - gdb: GNU Debugger
1 - gcab: Microsoft Cabinet file manipulation tool
1 - fuse: Filesystem in Userspace
1 - freerdp2: RDP client for Windows Terminal Services
1 - freeimage: Support library for graphics image formats (development file s)
1 - fop: XML formatter
1 - fontforge: font editor
1 - fontconfig: generic font configuration library
1 - flightcrew: C++ epub validator and plugin for Sigil
1 - flac: Free Lossless Audio Codec
1 - firefox-3.5: safe and easy web browser from Mozilla
1 - firefox-3.0: safe and easy web browser from Mozilla
1 - firebird2.5: A full-featured, open source SQL database derived from Bor land InterBase 6.0
1 - feedparser: Universal Feed Parser for Python
1 - exuberant-ctags: build tag file indexes of source code definitions
1 - exempi: library to parse XMP metadata
1 - eucalyptus: Elastic Utility Computing Architecture
1 - erlang: Concurrent, real-time, distributed functional language
1 - empathy: GNOME multi-protocol chat and call client
1 - emacs25: GNU Emacs editor
1 - emacs24: GNU Emacs editor
1 - emacs23: The GNU Emacs editor (with GTK+ user interface)
1 - eject: ejects CDs and operates CD-Changers under Linux
1 - doxygen: Documentation system for C, C++, Java, Python and other languages
1 - dosfstools: utilities for making and checking MS-DOS FAT filesystems
1 - dns-root-data: DNS root data including root zone and DNSSEC key
1 - djvulibre: DjVu image format library and tools
1 - db: Berkeley v5.1 Database Utilities
1 - db5.3: Berkeley DB Utilities
1 - db4.8: Berkeley v4.8 Database Utilities
1 - corosync: cluster engine daemon and utilities
1 - coreutils: GNU core utilities
1 - commons-httpclient: A Java(TM) library for creating HTTP clients
1 - commons-daemon: wrapper to launch Java applications as daemons
1 - colord: Service to manage device colour profiles
1 - click: Click package manager
1 - cifs-utils: Common Internet File System utilities
1 - chkrootkit: rootkit detector
1 - cgmanager: Central cgroup manager daemon
1 - ceilometer: OpenStack Telemetry service
1 - calligra: integrated work applications suite
1 - bwa: Software package for mapping DNA sequences against a large referen ce genome
1 - busybox: Tiny utilities for small and embedded systems
1 - bsh: Java scripting environment
1 - bsd-mailx: simple mail user agent
1 - bouncycastle: Java implementation of cryptographic algorithms
1 - boost1.49: C++ representation of time duration, time point, and clocks
1 - bogofilter: a fast Bayesian spam filter
1 - bluez: Bluetooth tools and daemons
1 - binutils: GNU assembler, linker and binary utilities
1 - base-files: Debian base system miscellaneous files
1 - awstats: powerful and featureful web server log analyzer
1 - avahi: Avahi IPv4LL network address configuration daemon
1 - autofs: kernel-based automounter for Linux
1 - augeas: Configuration editing tool
1 - aspell: GNU Aspell spell-checker
1 - aria2: High speed command-line download utility
1 - apturl: installs packages using the apt protocol
1 - apt-xapian-index: maintenance and search tools for a Xapian index of De bian package
1 - apr: The Apache Portable Runtime Library
1 - apache2-mpm-itk: multiuser MPM for Apache 2.2
1 - ant: Java based build tool like make
1 - ansible: Configuration management, deployment, and task execution system
1 - acpi-support: scripts for handling many ACPI events
xb@dnxb:~/Downloads$ 


Databases with the most vulnerabilities:



[2] 

The following two CVE-repository approaches do not include CVE-2014-0160 Heartbleed, which has the "retired" status.

Ubuntu main repositories CVE count (306 packages, copy-paste all from that page):


xb@dnxb:~/Downloads$ awk 'NR>25 && NR<2827 {A[$2]++}END{for(i in A)print i,A[i]}' cve_ubuntu_main.list | sort -k 2,2 -g -r
qtwebkit-opensource-src 302
binutils 172
linux-oracle 132
mozjs52 127
mozjs60 113
webkit2gtk 109
linux-hwe-edge 100
linux-oem 98
linux-aws 85
linux-azure-edge 77
linux-kvm 76
linux 76
qemu-kvm 75
linux-snapdragon 57
linux-gcp 57
linux-azure 56
linux-hwe 55
linux-gke-4.15 54
linux-gcp-edge 47
imagemagick 38
thunderbird 30
mysql-5.5 29
tcpdump 28
eglibc 27
u-boot 23
jasper 22
glibc 22
elfutils 18
ncurses 16
golang-1.6 16
linux-lts-xenial 12
libvirt 12
libsndfile 12
libsdl1.2 12
bluez 12
tiff 11
openssh 11
busybox 10
qemu 9
php5 9
golang-1.10 9
firefox 9
openssl 8
poppler 7
pcre3 7
ceph 7
yaml-cpp 6
vim 6
texlive-bin 6
php7.2 6
php7.0 6
libpcap 6
libical 6
jbig2dec 6
edk2 6
cairo 6
util-linux 5
unzip 5
twisted 5
tomcat6 5
sudo 5
linux-lts-trusty 5
linux-firmware 5
libplist 5
libiberty 5
gnutls26 5
exiv2 5
zlib 4
wpa 4
systemd 4
sssd 4
sqlite3 4
shadow 4
rsync 4
rabbitmq-server 4
potrace 4
ntp 4
nss 4
libvpx 4
libjpeg-turbo 4
libdbd-mysql-perl 4
libcroco 4
golang-1.12 4
gccgo-4.9 4
gcc-5 4
gcc-4.6 4
djvulibre 4
cron 4
zziplib 3
sysstat 3
rsyslog 3
policykit-1 3
openvpn 3
nmap 3
nagios3 3
libxslt 3
libvorbis 3
libpng 3
libgd2 3
libexif 3
libcdio 3
keepalived 3
jquery 3
grub2 3
graphviz 3
golang-go.crypto 3
gcc-4.8 3
file 3
bash 3
apache2 3
xinetd 2
xchat-gnome 2
wpasupplicant 2
tar 2
sqlalchemy 2
ruby2.3 2
rpm 2
quagga 2
python-numpy 2
python-ecdsa 2
pwgen 2
php-pear 2
pax 2
oxide-qt 2
openssl1.0 2
nfs-utils 2
neutron 2
network-manager 2
mailman 2
libxtst 2
libxrender 2
libxrandr 2
libxi 2
libwpd 2
libtasn1-3 2
libpng1.6 2
libmtp 2
libgxps 2
libgcrypt20 2
keystone 2
isc-dhcp 2
iptables 2
html5lib 2
guile-2.0 2
gdb 2
gcc-defaults 2
gcc-8 2
gcc-7 2
flex 2
flask 2
fetchmail 2
dpkg 2
dnsmasq 2
curl 2
coreutils 2
accountsservice 2
zip 1
yajl 1
xserver-xorg-video-nouveau-hwe-18.04 1
xserver-xorg-video-nouveau-hwe-16.04 1
xserver-xorg-video-nouveau 1
xorg 1
xmlsec1 1
xfsprogs 1
xen 1
xdg-user-dirs 1
vsftpd 1
unixodbc 1
unity-scope-gdrive 1
udev 1
transfig 1
tomcat7 1
tidy 1
texlive-base 1
taglib 1
subversion 1
strongswan 1
squid 1
snapd 1
seahorse 1
sane-backends 1
rrdtool 1
rpcbind 1
qtsvg-opensource-src 1
qtbase-opensource-src 1
qt4-x11 1
qpdf 1
pyyaml 1
pyxdg 1
python-werkzeug 1
python-urllib3 1
python-pysaml2 1
python-os-vif 1
python-crypto 1
python3.7 1
python3.6 1
python3.5 1
python3.4 1
python2.7 1
protobuf 1
postgresql-9.3 1
pillow 1
php7.3 1
pcre2 1
patch 1
optipng 1
open-vm-tools 1
openldap 1
openhpi 1
nova 1
nettle 1
nautilus 1
mpfr4 1
mono 1
man-db 1
lzo2 1
lz4 1
lintian 1
libxvmc 1
libxv 1
libxml-twig-perl 1
libxml2 1
libxfixes 1
libxerces2-java 1
libxdmcp 1
libwmf 1
libu2f-host 1
libtasn1-6 1
libsamplerate 1
librsync 1
librsvg 1
librdmacm 1
libqb 1
libpam-krb5 1
libnet-server-perl 1
libice 1
libgcrypt11 1
libcommons-collections3-java 1
libcacard 1
libbsd 1
libarchive 1
libapache2-mod-auth-mellon 1
libao 1
lcms2 1
krb5 1
jbigkit 1
jackd2 1
ipsec-tools 1
iproute 1
ibus 1
hunspell 1
heimdal 1
harfbuzz 1
gstreamer1.0 1
groff 1
grep 1
graphite2 1
golang-golang-x-net-dev 1
gnutls28 1
gnupg2 1
gnupg 1
gnome-orca 1
gnome-keyring 1
glib2.0 1
git 1
giflib 1
gedit 1
gdm3 1
gccgo-6 1
gcc-9-cross 1
gcc-9 1
gcc-8-cross 1
gcc-7-cross 1
gcc-5-cross 1
fuse 1
freerdp2 1
freerdp 1
freeradius 1
flac 1
fence-agents 1
exempi 1
enchant 1
ecryptfs-utils 1
duplicity 1
dpdk 1
dnstracer 1
distribute 1
cryptsetup 1
cracklib2 1
consolekit 1
cinder 1
cifs-utils 1
bzr 1
byobu 1
bubblewrap 1
bsdmainutils 1
boost1.46 1
bind9 1
bash-completion 1
awstats 1
audit 1
aspell 1
apr-util 1
apr 1
apparmor 1
android-tools 1
xb@dnxb:~/Downloads$

[3] 

Ubuntu Universe repositories CVE count:

This one is rather long (1222 packages), so I am only including the top CVE counts:



ubuntu-security-announce.py Python code:
import operator

d = {}  # software name -> [announcement count, "- name: description" line]
with open('ubuntu-security-announce.mbox') as o:
    l = o.readlines()
    readingPkg = False
    k = None  # software currently being read, so wrapped description lines can be appended to it
    for ll in l:
        if readingPkg:
            if ll.startswith('Details:'):
                readingPkg = False
            elif ll.strip() == '':
                readingPkg = False
                #pass #print('is empty line') # only skips one usb-creator entry
            else:
                if ll.startswith('- - '): # PGP-signed body dash-escapes "- " to "- - ", undo it
                    ll = ll.replace('- - ', '- ', 1)
                    #print(ll)
                if ll.startswith('- '):
                    k = ll.split(':')[0]
                    if k in d:
                        v = d[k][0] + 1
                    else:
                        v = 1
                    d[k] = [v, ll.strip()]
                elif k is not None: # wrapped description line belonging to software k
                    #if ll.startswith('file'): #print on top
                    #    print(d[k][1])
                    if d[k][1].endswith('='):
                        # quoted-printable soft line break: drop the trailing '=' and join without a space
                        d[k][1] = d[k][1][:-1] + ll.rstrip()
                    else:
                        # plain wrapped line: strip the newline and join with a single space
                        d[k][1] = d[k][1] + ' ' + ll.strip()
        elif ll.startswith('Software Description:'):
            readingPkg = True

#https://stackoverflow.com/a/613218/1074998
#comment: This answer is out of date. Dictionaries are sorted in Python 3.7.
sorted_x = sorted(d.items(), key=operator.itemgetter(1), reverse=True) #reverse=True to sort max value on top
for x in sorted_x:
    # Can't use `print(' '.join( x[1] ))` because the int count must be converted to str first
    print(' '.join( [ str(x[1][0]), x[1][1] ] ).strip() )
#for k in d:
#    print('keys:' + k + ' v: ' + '###'.join(d[k][1:]).strip() + ' c: ' + str(d[k][0]) )

#this one puts different descriptions of the same software on different rows:
#grep ^'Software Description:' ubuntu-security-announce.mbox -A1 | grep ^'Software Description:' -v | grep -v -- "^--$" \
#| sed -e s/^-\ -\ /-\ /g | sed -e s/^[[:blank:]\
# ]*$/-\ usb-creator:\ create\ a\ startup\ disk\ using\ a\ CD\ or\ disc\ image\ \(common\ files=/g | sort | uniq -c | \
# sort -k 1,1 -g -r | scat

#[UPDATE] this is wrong because it does not count multiple softwares in a single message
#... most obvious is `g -B 2 -- '- linux-raspi2' ubuntu-security-announce.mbox`
#better, but still no description like this Python file produces:
#grep ^'Software Description:' ubuntu-security-announce.mbox -A1 | grep ^'Software Description:' -v | grep -v -- "^--$" \
# | sed -e s/^-\ -\ /-\ /g | sed -e s/^[[:blank:]]*$/-\ usb-creator:/g | awk '{A[$2]++}END{for(i in A)print i,A[i]}' \
# | sort -k 2,2  -g -r | scat
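The same "Software Description:" count as an added, self-contained example (not the script from the post and not an Ubuntu tool), handling the two mbox quirks the parse has to deal with: the PGP-signed body dash-escapes lines starting with "- " to "- - ", and a quoted-printable soft line break (a line ending in "=") which, if joined with a space, produces output like "f iles" in the list above. The two-message mbox sample is constructed.

```python
# Constructed two-message mbox, not real USN mail (second message has a QP soft break).
SAMPLE_MBOX = """\
From usn@ubuntu.com Mon Jan  1 00:00:00 2018

Software Description:
- - linux: Linux kernel
- - linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

From usn@ubuntu.com Tue Jan  2 00:00:00 2018

Software Description:
- - linux: Linux kernel
- - libconfig-inifiles-perl: Perl module for working with INI configuration f=
iles

Details:
"""

def count_software(mbox_text):
    """Return {software: [number of announcements listing it, description]}."""
    counts = {}
    in_block, current = False, None
    for line in mbox_text.splitlines():
        if not in_block:
            in_block = line.startswith('Software Description:')
            continue
        if line.startswith('Details:') or not line.strip():
            in_block, current = False, None   # end of the software list
            continue
        if line.startswith('- - '):           # undo PGP dash-escaping of "- "
            line = line[2:]
        if line.startswith('- '):
            name, _, desc = line[2:].partition(':')
            current = name.strip()
            counts[current] = [counts.get(current, [0])[0] + 1, desc.strip()]
        elif current is not None:             # wrapped description line
            prev = counts[current][1]
            if prev.endswith('='):            # quoted-printable soft break:
                counts[current][1] = prev[:-1] + line.rstrip()  # join without a space
            else:                             # plain wrap: join with one space
                counts[current][1] = prev + ' ' + line.strip()
    return counts

def ranked(counts):
    """Most-announced software first; ties broken by name."""
    return sorted(counts.items(), key=lambda kv: (-kv[1][0], kv[0]))
```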
