[SECURITY-L] Security Vulnerabilities
Silvana Mieko Misuta
mieko at ccuec.unicamp.br
Mon Jan 27 16:47:41 -02 2003
Dear users,
We have updated the website of the Unicamp Systems and Network Security Team
with the following vulnerability bulletins:
27/01/2003
----------
CAIS-Alerta
Subject: MS-SQL Worm (Slammer)
http://www.security.unicamp.br/docs/bugs/2003/01/v116.txt
Debian Security Advisory (DSA 244-1)
Subject: buffer overflows on noffle
http://www.security.unicamp.br/docs/bugs/2003/01/v115.txt
26/01/2003
----------
Microsoft Security Bulletin (MS02-061)
Subject: Elevation of Privilege in SQL Server Web Tasks (Q316333)
http://www.security.unicamp.br/docs/bugs/2003/01/v114.txt
25/01/2003
----------
CERT Advisory (CA-2003-04)
Subject: MS-SQL Server Worm
http://www.security.unicamp.br/docs/bugs/2003/01/v113.txt
Cisco Security Advisory
Subject: MS SQL "Sapphire" Worm Mitigation Recommendations
http://www.security.unicamp.br/docs/bugs/2003/01/v112.txt
24/01/2003
----------
Conectiva Linux Update Announcement (CLA-2003:566)
Subject: Fixes for virtual server and third-party applications
http://www.security.unicamp.br/docs/bugs/2003/01/v111.txt
Conectiva Linux Update Announcement (CLA-2003:565)
Subject: Fix for the Virtual Server configuration tool
http://www.security.unicamp.br/docs/bugs/2003/01/v110.txt
Debian Security Advisory (DSA 243-1)
Subject: Security vulnerability in the kdemultimedia package
http://www.security.unicamp.br/docs/bugs/2003/01/v109.txt
Debian Security Advisory (DSA 242-1)
Subject: Security vulnerability in the kdebase package
http://www.security.unicamp.br/docs/bugs/2003/01/v108.txt
Debian Security Advisory (DSA 241-1)
Subject: Security vulnerability in the kdeutils package
http://www.security.unicamp.br/docs/bugs/2003/01/v107.txt
CAIS-Alerta: CA-2003-03 Vulnerability in Microsoft Windows Locator Service
Subject: CERT Advisory CA-2003-03 Buffer Overflow in Windows Locator Service
http://www.security.unicamp.br/docs/bugs/2003/01/v106.txt
CAIS-Alerta: Vulnerability in Outlook 2002 (812262)
Subject: Microsoft Security Bulletin MS03-003: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)
http://www.security.unicamp.br/docs/bugs/2003/01/v105.txt
CAIS-Alerta: Cumulative Patch for Microsoft Content Management Server (810487)
Subject: Microsoft Security Bulletin MS03-02: Cumulative Patch for Microsoft Content Management Server (810487)
http://www.security.unicamp.br/docs/bugs/2003/01/v104.txt
CAIS-Alerta: Vulnerability in Microsoft Locator Service (810833)
Subject: Microsoft Security Bulletin MS03-001: Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
http://www.security.unicamp.br/docs/bugs/2003/01/v103.txt
23/01/2003
----------
CERT Advisory (CA-2003-03)
Subject: Buffer Overflow in Windows Locator Service
http://www.security.unicamp.br/docs/bugs/2003/01/v102.txt
Conectiva Linux Security Announcement (CLA-2003:564)
Subject: Buffer overflow vulnerability on libpng
http://www.security.unicamp.br/docs/bugs/2003/01/v101.txt
Conectiva Linux Security Announcement (CLA-2003:564)
Subject: Security vulnerability in the libpng package
http://www.security.unicamp.br/docs/bugs/2003/01/v100.txt
Conectiva Linux Update Announcement (CLA-2003:560)
Subject: Security vulnerability in the postgresql package
http://www.security.unicamp.br/docs/bugs/2003/01/v99.txt
Conectiva Linux Security Announcement (CLA-2003:562)
Subject: Remote Vulnerability on dhcp
http://www.security.unicamp.br/docs/bugs/2003/01/v98.txt
Conectiva Linux Security Announcement (CLA-2003:562)
Subject: Remote vulnerability in the dhcp package
http://www.security.unicamp.br/docs/bugs/2003/01/v97.txt
Debian Security Advisory (DSA 240-1)
Subject: Security vulnerability in the kdegames package
http://www.security.unicamp.br/docs/bugs/2003/01/v96.txt
Conectiva Linux Security Announcement (CLA-2003:561)
Subject: Update: cvs remote double free() vulnerability
http://www.security.unicamp.br/docs/bugs/2003/01/v95.txt
Conectiva Linux Security Announcement (CLA-2003:561)
Subject: Reissue: remote vulnerability in the cvs package
http://www.security.unicamp.br/docs/bugs/2003/01/v94.txt
Debian Security Advisory (DSA 239-1)
Subject: Security vulnerability in the kdesdk package
http://www.security.unicamp.br/docs/bugs/2003/01/v93.txt
CAIS-Alerta: Vulnerability in CVS - Concurrent Versions System
Subject: CERT Advisory CA-2003-02 Double-Free Bug in CVS Server
http://www.security.unicamp.br/docs/bugs/2003/01/v92.txt
OpenPKG Security Advisory (OpenPKG-SA-2003.007)
Subject: directory traversal vulnerability on wget
http://www.security.unicamp.br/docs/bugs/2003/01/v91.txt
Debian Security Advisory (DSA 238-1)
Subject: Security vulnerabilities in the kdepim package
http://www.security.unicamp.br/docs/bugs/2003/01/v90.txt
Microsoft Security Bulletin (MS02-070)
Subject: Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)
http://www.security.unicamp.br/docs/bugs/2003/01/v89.txt
Microsoft Security Bulletin (MS03-002)
Subject: Cumulative Patch for Microsoft Content Management Server (810487)
http://www.security.unicamp.br/docs/bugs/2003/01/v88.txt
OpenPKG Security Advisory (OpenPKG-SA-2003.006)
Subject: predictable filename allows arbitrary code execution on python
http://www.security.unicamp.br/docs/bugs/2003/01/v87.txt
Apache 2.0.44 Released
http://www.security.unicamp.br/docs/bugs/2003/01/v80.txt
22/01/2003
----------
Microsoft Security Bulletin (MS03-001)
Subject: Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)
http://www.security.unicamp.br/docs/bugs/2003/01/v86.txt
Microsoft Security Bulletin (MS03-001)
Subject: Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
http://www.security.unicamp.br/docs/bugs/2003/01/v85.txt
CERT Advisory (CA-2003-02)
Subject: Double-Free Bug in CVS Server
http://www.security.unicamp.br/docs/bugs/2003/01/v84.txt
Debian Security Advisory (DSA 237-1)
Subject: Security vulnerabilities in the kdenetwork package
http://www.security.unicamp.br/docs/bugs/2003/01/v83.txt
Slackware Security
Subject: New CVS packages available
http://www.security.unicamp.br/docs/bugs/2003/01/v82.txt
Slackware Security
Subject: New DHCP packages available
http://www.security.unicamp.br/docs/bugs/2003/01/v81.txt
SGI Security Advisory (20021103-02-P)
Subject: Updated patches for SGI Advisories 20020903-02-P and 20021103-01-P
http://www.security.unicamp.br/docs/bugs/2003/01/v79.txt
Debian Security Advisory (DSA 235-1)
Subject: Security vulnerabilities in the kdegraphics package
http://www.security.unicamp.br/docs/bugs/2003/01/v78.txt
Debian Security Advisory (DSA 234-1)
Subject: Security vulnerabilities in the kdeadmin package
http://www.security.unicamp.br/docs/bugs/2003/01/v77.txt
21/01/2003
----------
SCO Security Advisory (CSSA-2003-005.0)
Subject: Linux: canna buffer overflow and denial of service
http://www.security.unicamp.br/docs/bugs/2003/01/v76.txt
SGI Security Advisory (20021102-02-P)
Subject: IRIX ToolTalk RPC Server Format String Vulnerability update
http://www.security.unicamp.br/docs/bugs/2003/01/v75.txt
Red Hat Security Advisory (RHSA-2002:202-25)
Subject: Updated python packages fix predictable temporary file
http://www.security.unicamp.br/docs/bugs/2003/01/v74.txt
Conectiva Linux Update Announcement (CLA-2003:560)
Subject: Remote vulnerability in cvs
http://www.security.unicamp.br/docs/bugs/2003/01/v73.txt
Mandrake Linux Security Update Advisory (MDKSA-2003:010)
Subject: Security vulnerabilities in the printer-drivers package
http://www.security.unicamp.br/docs/bugs/2003/01/v72.txt
OpenPKG Security Advisory (OpenPKG-SA-2003.004)
Subject: remote root compromise on cvs
http://www.security.unicamp.br/docs/bugs/2003/01/v71.txt
Debian Security Advisory (DSA 233-1)
Subject: doubly freed memory on cvs
http://www.security.unicamp.br/docs/bugs/2003/01/v70.txt
Gentoo Linux Security Announcement (200301-12)
Subject: arbitrary code execution on cvs
http://www.security.unicamp.br/docs/bugs/2003/01/v69.txt
OpenPKG Security Advisory (OpenPKG-SA-2003.003)
Subject: arbitrary command execution on vim
http://www.security.unicamp.br/docs/bugs/2003/01/v68.txt
20/01/2003
----------
SCO Security Advisory (CSSA-2003-004.0)
Subject: Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS)
http://www.security.unicamp.br/docs/bugs/2003/01/v67.txt
Mandrake Linux Security Update Advisory (MDKSA-2003:009)
Subject: Security vulnerabilities in the cvs package
http://www.security.unicamp.br/docs/bugs/2003/01/v66.txt
Red Hat Security Advisory (RHSA-2003:012-07)
Subject: Updated CVS packages available
http://www.security.unicamp.br/docs/bugs/2003/01/v65.txt
SuSE Security Announcement (SuSE-SA:2003:0006)
Subject: Security vulnerability in dhcp
http://www.security.unicamp.br/docs/bugs/2003/01/v64.txt
Conectiva Linux Update Announcement (CLA-2003:559)
Subject: LOGIN authentication mechanism enabled in sasl
http://www.security.unicamp.br/docs/bugs/2003/01/v63.txt
SuSE Security Announcement (SuSE-SA:2003:005)
Subject: remote command execution on susehelp
http://www.security.unicamp.br/docs/bugs/2003/01/v62.txt
18/01/2003
----------
Gentoo Linux Security Announcement (200301-11)
Subject: multiple vulnerabilities in KDE
http://www.security.unicamp.br/docs/bugs/2003/01/v61.txt
17/01/2003
----------
Mandrake Linux Security Update Advisory (MDKSA-2003:007)
Subject: Security vulnerability in the dhcp package
http://www.security.unicamp.br/docs/bugs/2003/01/v60.txt
Gentoo Linux Security Announcement (200301-10)
Subject: Security vulnerability in the dhcp package
http://www.security.unicamp.br/docs/bugs/2003/01/v59.txt
Gentoo Linux Security Announcement (200301-9)
Subject: Security vulnerability in the fnord package
http://www.security.unicamp.br/docs/bugs/2003/01/v58.txt
16/01/2003
----------
Debian Security Advisory (DSA 230-1)
Subject: insecure permissions, spurious backup files on bugzilla
http://www.security.unicamp.br/docs/bugs/2003/01/v57.txt
Red Hat Security Advisory (RHSA-2002:297-17)
Subject: Updated vim packages fix modeline vulnerability
http://www.security.unicamp.br/docs/bugs/2003/01/v56.txt
Red Hat Security Advisory (RHSA-2003:011-07)
Subject: Updated dhcp packages fix security vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/01/v55.txt
15/01/2003
----------
Red Hat Security Advisory (RHSA-2002:288-22)
Subject: Updated MySQL packages fix various security issues
http://www.security.unicamp.br/docs/bugs/2003/01/v54.txt
14/01/2003
----------
Red Hat Security Advisory (RHSA-2003:010-10)
Subject: Updated PostgreSQL packages fix buffer overrun vulnerabilities
http://www.security.unicamp.br/docs/bugs/2003/01/v53.txt
Debian Security Advisory (DSA 228-1)
Subject: buffer overflows and memory leak on libmcrypt
http://www.security.unicamp.br/docs/bugs/2003/01/v52.txt
13/01/2003
----------
Mandrake Linux Security Update Advisory (MDKSA-2002:073-1)
Subject: Security vulnerability in the krb package
http://www.security.unicamp.br/docs/bugs/2003/01/v51.txt
Red Hat Security Advisory (RHSA-2003:006-06)
Subject: libpng buffer overflow flaw:buf
http://www.security.unicamp.br/docs/bugs/2003/01/v50.txt
Gentoo Linux Security Announcement (200301-8)
Subject: buffer overflow on mod_php, php
http://www.security.unicamp.br/docs/bugs/2003/01/v49.txt
10/01/2003
----------
SCO Security Advisory (CSSA-2003-SCO.1)
Subject: UnixWare 7.1.1 Open UNIX 8.0.0: command line argument buffer overflow in ps
http://www.security.unicamp.br/docs/bugs/2003/01/v48.txt
Debian Security Advisory (DSA 226-1)
Subject: integer overflow on xpdf-i
http://www.security.unicamp.br/docs/bugs/2003/01/v47.txt
08/01/2003
----------
Red Hat Security Advisory (RHSA-2002:290-07)
Subject: ethereal dissector PPP LMP TDS BGP on Ethereal packages
http://www.security.unicamp.br/docs/bugs/2003/01/v46.txt
07/01/2003
----------
Debian Security Advisory (DSA 223-1)
Subject: information exposure in geneweb
http://www.security.unicamp.br/docs/bugs/2003/01/v45.txt
06/01/2003
----------
Atstake Security Advisory
Subject: Etherleak: Ethernet frame padding information leakage
http://www.security.unicamp.br/docs/bugs/2003/01/v44.txt
Debian Security Advisory (DSA 222-1)
Subject: integer overflow in xpdf
http://www.security.unicamp.br/docs/bugs/2003/01/v43.txt
--
Systems and Network Security Team
Unicamp - Universidade Estadual de Campinas
Mailto:security at unicamp.br
http://www.security.unicamp.br