[SECURITY-L] Security Vulnerabilities

Silvana Mieko Misuta mieko at ccuec.unicamp.br
Fri Feb 21 17:20:30 -03 2003


Dear Users,

We have updated the website of Unicamp's Systems and Network Security Team
with the following vulnerability bulletins:


21/02/2003
----------

CAIS-Alerta
Subject: Multiple Vulnerabilities in SIP Implementations
http://www.security.unicamp.br/docs/bugs/2003/02/v77.txt    


CERT Advisory (CA-2003-06)
Subject: Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
http://www.security.unicamp.br/docs/bugs/2003/02/v76.txt    
 


20/02/2003
----------

RHN Errata Alert (HSA-2003:057-06)
Subject: Updated shadow-utils packages fix exposure
http://www.security.unicamp.br/docs/bugs/2003/02/v74.txt    


RHN Errata Alert (RHSA-2003:006-10)
Subject: Updated libpng packages fix buffer overflow
http://www.security.unicamp.br/docs/bugs/2003/02/v73.txt    


Conectiva Linux Security Announcement (CLA-2003:569)
Subject: Multiple vulnerabilities in KDE
http://www.security.unicamp.br/docs/bugs/2003/02/v72.txt    


Conectiva Linux Security Announcement, Portuguese edition (CLA-2003:569)
Subject: Multiple vulnerabilities in KDE
http://www.security.unicamp.br/docs/bugs/2003/02/v71.txt    


RHN Errata Alert (RHSA-2003:057-06)
Subject: Updated shadow-utils packages fix exposure
http://www.security.unicamp.br/docs/bugs/2003/02/v70.txt    


Gentoo Linux Security Announcement (200302-11)
Subject: denial of service in bitchx
http://www.security.unicamp.br/docs/bugs/2003/02/v69.txt    


Gentoo Linux Security Announcement (200302-10)
Subject: timing based attack in openssl
http://www.security.unicamp.br/docs/bugs/2003/02/v68.txt    


EnGarde Secure Linux Security Advisory (ESA-20030220-005)
Subject: OpenSSL timing-based attack vulnerability
http://www.security.unicamp.br/docs/bugs/2003/02/v67.txt    


EnGarde Secure Linux Security Advisory (ESA-20030220-004)
Subject: Security vulnerabilities in the MySQL, MySQL-client, MySQL-shared packages
http://www.security.unicamp.br/docs/bugs/2003/02/v66.txt    


CAIS-Alerta
Subject: Multiple Vulnerabilities in Oracle Servers
http://www.security.unicamp.br/docs/bugs/2003/02/v65.txt    


RHN Errata Alert (RHSA-2003:037-09)
Subject: Updated Xpdf packages fix security vulnerability
http://www.security.unicamp.br/docs/bugs/2003/02/v64.txt    


Debian Security Advisory (DSA 232-2)
Subject: Security vulnerabilities in the cupsys package
http://www.security.unicamp.br/docs/bugs/2003/02/v45.txt    


19/02/2003
----------

CERT Advisory (CA-2003-05)
Subject: Multiple Vulnerabilities in Oracle Servers
http://www.security.unicamp.br/docs/bugs/2003/02/v75.txt    


RHN Errata Alert (RHSA-2003:043-12)
Subject: Updated WindowMaker packages fix vulnerability in theme-loading
http://www.security.unicamp.br/docs/bugs/2003/02/v63.txt    


Mandrake Linux Security Update Advisory (MDKSA-2003:019)
Subject: Security vulnerability in the php package
http://www.security.unicamp.br/docs/bugs/2003/02/v62.txt    


OpenPKG Security Advisory (OpenPKG-SA-2003.013)
Subject: obtain plaintext of SSL/TLS communication in openssl
http://www.security.unicamp.br/docs/bugs/2003/02/v61.txt    


EnGarde Secure Linux Security Advisory (ESA-20030219-003)
Subject: Several PHP vulnerabilities in php and mod_php
http://www.security.unicamp.br/docs/bugs/2003/02/v60.txt    


Gentoo Linux Security Announcement (200302-09.1)
Subject: arbitrary code execution in mod_php
http://www.security.unicamp.br/docs/bugs/2003/02/v59.txt    


OpenPKG Security Advisory (OpenPKG-SA-2003.012)
Subject: denial of service (packet storm) in dhcpd
http://www.security.unicamp.br/docs/bugs/2003/02/v58.txt    


Gentoo Linux Security Announcement (200302-09)
Subject: arbitrary code execution in mod_php and php
http://www.security.unicamp.br/docs/bugs/2003/02/v57.txt    


18/02/2003
----------


Mandrake Linux Security Update Advisory (MDKSA-2003:018)
Subject: Security vulnerability in the apcupsd package
http://www.security.unicamp.br/docs/bugs/2003/02/v56.txt    


Mandrake Linux Security Update Advisory (MDKSA-2003:017)
Subject: Security vulnerability in the pam package
http://www.security.unicamp.br/docs/bugs/2003/02/v55.txt    


SuSE Security Announcement (SuSE-SA:2003:0009)
Subject: remote system compromise in mod_php4
http://www.security.unicamp.br/docs/bugs/2003/02/v54.txt    


SuSE Security Announcement (SuSE-SA:2003:0008)
Subject: remote system compromise in imp
http://www.security.unicamp.br/docs/bugs/2003/02/v53.txt    


OpenPKG Security Advisory (OpenPKG-SA-2003.011)
Subject: CRLF injection vulnerability in lynx
http://www.security.unicamp.br/docs/bugs/2003/02/v52.txt    


OpenPKG Security Advisory (OpenPKG-SA-2003.010)
Subject: arbitrary file access and code execution in php, apache
http://www.security.unicamp.br/docs/bugs/2003/02/v51.txt    


OpenPKG Security Advisory (OpenPKG-SA-2003.009)
Subject: cookie information leak in w3m
http://www.security.unicamp.br/docs/bugs/2003/02/v50.txt    


Gentoo Linux Security Announcement (200302-08)
Subject: buffer overflow in nethack
http://www.security.unicamp.br/docs/bugs/2003/02/v49.txt    


17/02/2003
----------

PHP Security Advisory
Subject: CGI vulnerability in PHP version 4.3.0
http://www.security.unicamp.br/docs/bugs/2003/02/v48.txt    


Gentoo Linux Security Announcement (200302-07)
Subject: missing HTML quoting in w3m
http://www.security.unicamp.br/docs/bugs/2003/02/v47.txt    


Gentoo Linux Security Announcement (200302-06)
Subject: security issues in installer in syslinux
http://www.security.unicamp.br/docs/bugs/2003/02/v46.txt    


Gentoo Linux Security Announcement (200302-05)
Subject: cross site scripting in mailman
http://www.security.unicamp.br/docs/bugs/2003/02/v44.txt    



--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
Mailto:security at unicamp.br
http://www.security.unicamp.br    



