From security em unicamp.br Wed Feb 1 10:56:47 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 1 Feb 2006 10:56:47 -0200
Subject: [SECURITY-L] End of support for Windows 98 and Windows Me
Message-ID: <20060201125647.GD67567@unicamp.br>

From: Nelson Murilo
Subject: [S] End of support for Windows 98 and Windows Me
To: seguranca em pangeia.com.br
Date: Wed, 1 Feb 2006 09:38:22 -0200

[http://www.microsoft.com/windows/support/endofsupport.mspx]

End of support for Windows 98 and Windows Me

Published: January 6, 2006 | Updated: January 18, 2006

June 30, 2006 will bring a close to Extended Support for Windows 98, Windows 98 Second Edition, and Windows Me as part of the Microsoft Lifecycle Policy. Microsoft will retire public and technical support, including security updates, by this date. Existing support documents and content, however, will continue to be available through the Microsoft Support Product Solution Center Web site. This Web site will continue to host a wealth of previous How-to, Troubleshooting, and Configuration content for anyone who may need self-service.

Microsoft is retiring support for these products because they are outdated and can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible. Customers who upgrade to Windows XP report improved security, richer functionality, and increased productivity.

From security em unicamp.br Mon Feb 13 17:01:44 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Mon, 13 Feb 2006 17:01:44 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20060213190143.GA81201@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Conectiva Linux Security Announcement:
========================================

06/02/2006 - CLA-2006:1063
  Subject: Fix for the configuration file of the sasl2 package.
  http://www.security.unicamp.br/docs/bugs/2006/02/v32.txt

Debian Security Advisory:
=========================

10/02/2006 - DSA 967-1
  Subject: elog.
  http://www.security.unicamp.br/docs/bugs/2006/02/v8.txt

09/02/2006 - DSA 966-1
  Subject: adzapper.
  http://www.security.unicamp.br/docs/bugs/2006/02/v7.txt

06/02/2006 - DSA 965-1
  Subject: ipsec-tools.
  http://www.security.unicamp.br/docs/bugs/2006/02/v6.txt

03/02/2006 - DSA 964-1
  Subject: gnocatan.
  http://www.security.unicamp.br/docs/bugs/2006/02/v5.txt

02/02/2006 - DSA 963-1
  Subject: mydns.
  http://www.security.unicamp.br/docs/bugs/2006/02/v3.txt

01/02/2006 - DSA 961-1
  Subject: pdfkit.framework.
  http://www.security.unicamp.br/docs/bugs/2006/02/v4.txt

31/01/2006 - DSA 960-2
  Subject: libmail-audit-perl.
  http://www.security.unicamp.br/docs/bugs/2006/01/v35.txt

Fedora Update Notification:
===========================

10/02/2006 - FEDORA-2006-107
  Subject: Fedora Core 4: gnutls.
  http://www.security.unicamp.br/docs/bugs/2006/02/v30.txt

10/02/2006 - FEDORA-2006-105
  Subject: Fedora Core 4: kdegraphics.
  http://www.security.unicamp.br/docs/bugs/2006/02/v29.txt

10/02/2006 - FEDORA-2006-104
  Subject: Fedora Core 4: xpdf.
  http://www.security.unicamp.br/docs/bugs/2006/02/v28.txt

10/02/2006 - FEDORA-2006-103
  Subject: Fedora Core 4: poppler.
  http://www.security.unicamp.br/docs/bugs/2006/02/v27.txt

07/02/2006 - FEDORA-2006-102
  Subject: Fedora Core 4: kernel.
  http://www.security.unicamp.br/docs/bugs/2006/02/v26.txt

06/02/2006 - FEDORA-2006-098
  Subject: Fedora Core 4: unzip.
  http://www.security.unicamp.br/docs/bugs/2006/02/v25.txt

02/02/2006 - FEDORA-2006-076
  Subject: Fedora Core 4: firefox.
  http://www.security.unicamp.br/docs/bugs/2006/02/v24.txt

02/02/2006 - FEDORA-2006-075
  Subject: Fedora Core 4: mozilla.
  http://www.security.unicamp.br/docs/bugs/2006/02/v23.txt

FreeBSD Security Advisory:
==========================

01/02/2006 - FreeBSD-SA-06:08.sack
  Subject: Infinite loop in SACK handling
  http://www.security.unicamp.br/docs/bugs/2006/02/v2.txt

Gentoo Linux Security Advisory:
===============================

12/02/2006 - GLSA 200602-04
  Subject: Xpdf, Poppler: Heap overflow.
  http://www.security.unicamp.br/docs/bugs/2006/02/v36.txt

06/02/2006 - GLSA 200602-03
  Subject: Apache: Multiple vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2006/02/v35.txt

06/02/2006 - GLSA 200602-02
  Subject: ADOdb: PostgresSQL command injection.
  http://www.security.unicamp.br/docs/bugs/2006/02/v34.txt

05/02/2006 - GLSA 200602-01
  Subject: GStreamer FFmpeg plugin: Heap-based buffer overflow.
  http://www.security.unicamp.br/docs/bugs/2006/02/v33.txt

HP Security Bulletin:
=====================

10/02/2006 - HPSBMA02093 SSRT051102 rev.1
  Subject: HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol.
  http://www.security.unicamp.br/docs/bugs/2006/02/v22.txt

09/02/2006 - HPSBMA02096 SSRT061108 rev.2
  Subject: HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal.
  http://www.security.unicamp.br/docs/bugs/2006/02/v41.txt

09/02/2006 - HPSBTU02095 SSRT051007 rev.2 - HP Tru64 UNIX Running DNS BIND4/BIND8 with Forwarders: Remote Unauthorized Privileged Access.
  http://www.security.unicamp.br/docs/bugs/2006/02/v21.txt

01/02/2006 - HPSBTU02095 SSRT051007 rev.1
  Subject: HP Tru64 UNIX Running DNS BIND Remote Unauthorized Privileged Access.
  http://www.security.unicamp.br/docs/bugs/2006/02/v20.txt

KDE Security Advisories:
========================

02/02/2006
  Subject: kpdf/xpdf heap based buffer overflow.
  http://www.security.unicamp.br/docs/bugs/2006/02/v31.txt

Mandriva Linux Security Update Advisory:
========================================

08/02/2006 - MDKSA-2006:038
  Subject: groff.
  http://www.security.unicamp.br/docs/bugs/2006/02/v19.txt

07/02/2006 - MDKSA-2006:037
  Subject: mozilla-firefox.
  http://www.security.unicamp.br/docs/bugs/2006/02/v18.txt

07/02/2006 - MDKSA-2006:036
  Subject: mozilla.
  http://www.security.unicamp.br/docs/bugs/2006/02/v17.txt

07/02/2006 - MDKSA-2006:035
  Subject: php.
  http://www.security.unicamp.br/docs/bugs/2006/02/v16.txt

06/02/2006 - MDKSA-2006:034
  Subject: openssh.
  http://www.security.unicamp.br/docs/bugs/2006/02/v15.txt

02/02/2006 - MDKSA-2006:033
  Subject: OpenOffice.org.
  http://www.security.unicamp.br/docs/bugs/2006/02/v14.txt

02/02/2006 - MDKSA-2006:032
  Subject: xpdf.
  http://www.security.unicamp.br/docs/bugs/2006/02/v13.txt

02/02/2006 - MDKSA-2006:031
  Subject: kdegraphics.
  http://www.security.unicamp.br/docs/bugs/2006/02/v12.txt

02/02/2006 - MDKSA-2006:030
  Subject: poppler.
  http://www.security.unicamp.br/docs/bugs/2006/02/v10.txt

02/02/2006 - MDKSA-2006:029
  Subject: libast.
  http://www.security.unicamp.br/docs/bugs/2006/02/v11.txt

01/02/2006 - MDKSA-2006:028
  Subject: php.
  http://www.security.unicamp.br/docs/bugs/2006/02/v9.txt

SUSE Security Announcement:
===========================

10/02/2006 - SUSE-SA:2006:007
  Subject: binutils, kdelibs3, kdegraphics3, koffice, dia, lyx.
  http://www.security.unicamp.br/docs/bugs/2006/02/v40.txt

Trustix Secure Linux Security Advisory:
=======================================

10/02/2006 - #2006-0006
  Subject: fcron, kernel, unzip.
  http://www.security.unicamp.br/docs/bugs/2006/02/v39.txt

Ubuntu Security Notice:
=======================

10/02/2006 - USN-247-1
  Subject: heimdal vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v42.txt

US-CERT Technical Cyber Security Alert:
=======================================

07/02/2006 - TA06-038A
  Subject: Multiple Vulnerabilities in Mozilla Products.
  http://www.security.unicamp.br/docs/bugs/2006/02/v37.txt

01/02/2006 - TA06-032A
  Subject: Winamp Playlist Buffer Overflow
  http://www.security.unicamp.br/docs/bugs/2006/02/v1.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFD8Nd3/UMb1l3gm8IRArNDAKCEzRUPF5Bpfb1MVow1LVnDtgj9FQCgvn3L
YQizYn9E/15ZLSGG+gqogDg=
=bGw9
-----END PGP SIGNATURE-----

From security em unicamp.br Thu Feb 16 11:42:43 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 16 Feb 2006 11:42:43 -0200
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20060216134242.GA42796@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Conectiva Linux Security Announcement:
========================================

16/02/2006 - CLA-2006:1064
  Subject: New version of Clamav.
  http://www.security.unicamp.br/docs/bugs/2006/02/v78.txt

CAIS-Alerta:
============

14/02/2006
  Subject: Vulnerability in Microsoft Powerpoint 2000 (MS06-010).
  http://www.security.unicamp.br/docs/bugs/2006/02/v58.txt

14/02/2006
  Subject: Vulnerability in the Web Client service (MS06-008).
  http://www.security.unicamp.br/docs/bugs/2006/02/v57.txt

14/02/2006
  Subject: Vulnerability in the Korean language IME (MS06-009).
  http://www.security.unicamp.br/docs/bugs/2006/02/v56.txt

14/02/2006
  Subject: Vulnerability in Windows Media Player (MS06-005).
  http://www.security.unicamp.br/docs/bugs/2006/02/v55.txt

14/02/2006
  Subject: Vulnerability in the TCP/IP protocol implementation (MS06-007).
  http://www.security.unicamp.br/docs/bugs/2006/02/v54.txt

14/02/2006
  Subject: Vulnerability in the Windows Media Player Plug-in (MS06-006).
  http://www.security.unicamp.br/docs/bugs/2006/02/v53.txt

14/02/2006
  Subject: Security updates for Internet Explorer (MS06-004).
  http://www.security.unicamp.br/docs/bugs/2006/02/v52.txt

14/02/2006
  Subject: End of Daylight Saving Time 2005/2006.
  http://www.security.unicamp.br/docs/bugs/2006/02/v51.txt

Cisco Security Advisory:
========================

15/02/2006
  Subject: TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products.
  http://www.security.unicamp.br/docs/bugs/2006/02/v63.txt

Debian Security Advisory:
=========================

15/02/2006 - DSA 974-1
  Subject: gpdf.
  http://www.security.unicamp.br/docs/bugs/2006/02/v77.txt

15/02/2006 - DSA 976-1
  Subject: libast, libast1.
  http://www.security.unicamp.br/docs/bugs/2006/02/v49.txt

15/02/2006 - DSA 975-1
  Subject: nfs-user-server.
  http://www.security.unicamp.br/docs/bugs/2006/02/v50.txt

14/02/2006 - DSA 971-1
  Subject: xpdf.
  http://www.security.unicamp.br/docs/bugs/2006/02/v48.txt

14/02/2006 - DSA 970-1
  Subject: kronolith.
  http://www.security.unicamp.br/docs/bugs/2006/02/v47.txt

13/02/2006 - DSA 969-1
  Subject: scponly.
  http://www.security.unicamp.br/docs/bugs/2006/02/v46.txt

13/02/2006 - DSA 968-1
  Subject: noweb.
  http://www.security.unicamp.br/docs/bugs/2006/02/v45.txt

Gentoo Linux Security Advisory:
===============================

15/02/2006 - GLSA 200602-07
  Subject: Sun JDK/JRE: Applet privilege escalation.
  http://www.security.unicamp.br/docs/bugs/2006/02/v64.txt

13/02/2006 - GLSA 200602-06
  Subject: ImageMagick: Format string vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v44.txt

12/02/2006 - GLSA 200602-05
  Subject: KPdf: Heap based overflow.
  http://www.security.unicamp.br/docs/bugs/2006/02/v43.txt

HP Security Bulletin:
=====================

15/02/2006 - HPSBUX02097 SSRT051045 rev.2
  Subject: HP-UX Running DNS BIND4/BIND8 as Forwarders: Remote Unauthorized Privileged Access.
  http://www.security.unicamp.br/docs/bugs/2006/02/v62.txt

15/02/2006 - HPSBMA02096 SSRT061108 rev.3
  Subject: HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal.
  http://www.security.unicamp.br/docs/bugs/2006/02/v61.txt

Mandriva Linux Security Update Advisory:
========================================

13/02/2006 - MDKSA-2006:039
  Subject: gnutls.
  http://www.security.unicamp.br/docs/bugs/2006/02/v60.txt

Slackware Security Advisory:
============================

14/02/2006 - SSA:2006-045-09
  Subject: xpdf.
  http://www.security.unicamp.br/docs/bugs/2006/02/v73.txt

14/02/2006 - SSA:2006-045-08
  Subject: sudo.
  http://www.security.unicamp.br/docs/bugs/2006/02/v72.txt

14/02/2006 - SSA:2006-045-07
  Subject: php.
  http://www.security.unicamp.br/docs/bugs/2006/02/v71.txt

14/02/2006 - SSA:2006-045-06
  Subject: openssh.
  http://www.security.unicamp.br/docs/bugs/2006/02/v70.txt

14/02/2006 - SSA:2006-045-05
  Subject: kdelibs.
  http://www.security.unicamp.br/docs/bugs/2006/02/v67.txt

14/02/2006 - SSA:2006-045-04
  Subject: kdegraphics.
  http://www.security.unicamp.br/docs/bugs/2006/02/v69.txt

14/02/2006 - SSA:2006-045-03
  Subject: imagemagick.
  http://www.security.unicamp.br/docs/bugs/2006/02/v66.txt

14/02/2006 - SSA:2006-045-02
  Subject: firefox.
  http://www.security.unicamp.br/docs/bugs/2006/02/v65.txt

14/02/2006 - SSA:2006-045-01
  Subject: fetchmail.
  http://www.security.unicamp.br/docs/bugs/2006/02/v68.txt

Ubuntu Security Notice:
=======================

15/02/2006 - USN-248-2
  Subject: unzip regression fix.
  http://www.security.unicamp.br/docs/bugs/2006/02/v75.txt

13/02/2006 - USN-248-1
  Subject: unzip vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v76.txt

13/02/2006 - USN-250-1
  Subject: linux-source-2.6.12 vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v74.txt

US-CERT Technical Cyber Security Alert:
=======================================

14/02/2006 - TA06-045A
  Subject: Microsoft Windows, Windows Media Player, and Internet Explorer Vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2006/02/v59.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFD9IEd/UMb1l3gm8IRAkf9AKDZX733S5wR0cJuIChoLZQw5/yPowCgtrl+
sL1WFQ/F+NSYOjY93wDa7Uc=
=U4Yo
-----END PGP SIGNATURE-----

From security em unicamp.br Wed Feb 22 10:22:47 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 22 Feb 2006 10:22:47 -0300
Subject: [SECURITY-L] [S] Preventing SSH Dictionary Attacks With DenyHosts
Message-ID: <20060222132247.GC87255@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Preventing SSH Dictionary Attacks With DenyHosts
To: seguranca em pangeia.com.br
Date: Mon, 20 Feb 2006 10:16:14 -0300

[http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts]

Preventing SSH Dictionary Attacks With DenyHosts

Version 1.0
Author: Falko Timme
Last edited: 02/07/2006

In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon.

From the DenyHosts web site:

"DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks. If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...)
you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system? DenyHosts attempts to address the above... "

This tutorial is based on a Debian Sarge system, however, it should apply to other distributions with almost no modifications.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Installation

DenyHosts is written in Python, therefore we must install Python and also the Python development files first:

  apt-get install python2.3-dev python2.3

Then we download and install DenyHosts like this:

  cd /tmp
  wget http://mesh.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.0.tar.gz
  tar xvfz DenyHosts-2.0.tar.gz
  cd DenyHosts-2.0
  python setup.py install

This installs DenyHosts to /usr/share/denyhosts.

2 Configuration

[...]

----- End forwarded message -----

From security em unicamp.br Wed Feb 22 10:34:01 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 22 Feb 2006 10:34:01 -0300
Subject: [SECURITY-L] [S] Linux worm targets PHP flaw
Message-ID: <20060222133400.GE87255@unicamp.br>

----- Forwarded message from Nelson Murilo -----

From: Nelson Murilo
Subject: [S] Linux worm targets PHP flaw
To: seguranca em pangeia.com.br
Date: Mon, 20 Feb 2006 20:39:59 -0300

[http://www.theregister.co.uk/2006/02/20/linux_worm/]

Linux worm targets PHP flaw

Silly Mare

By John Leyden
Published Monday 20th February 2006 15:09 GMT

Internet ne'er do wells have created a Linux worm which uses a recently discovered vulnerability in XML-RPC for PHP, a popular open source component used in many applications, to attack vulnerable systems.
The Mare-D worm also tries to take advantage of a security flaw in Mambo to spread. If successful, the worm installs an IRC-controlled backdoor on compromised systems.

Most affected applications have been updated to address the security flaw exploited by Mare-D, which anti-virus firms rate as a low risk. The malware is noteworthy mainly because of the rarity of malware strains targeting Linux systems rather than the minimal threat it poses. ®

----- End forwarded message -----

From security em unicamp.br Wed Feb 22 16:48:31 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Wed, 22 Feb 2006 16:48:31 -0300
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20060222194831.GA88927@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Debian Security Advisory:
=========================

17/02/2006 - DSA 979-1
  Subject: pdfkit.framework.
  http://www.security.unicamp.br/docs/bugs/2006/02/v83.txt

17/02/2006 - DSA 978-1
  Subject: gnupg.
  http://www.security.unicamp.br/docs/bugs/2006/02/v82.txt

16/02/2006 - DSA 977-1
  Subject: heimdal.
  http://www.security.unicamp.br/docs/bugs/2006/02/v81.txt

15/02/2006 - DSA 973-1
  Subject: otrs.
  http://www.security.unicamp.br/docs/bugs/2006/02/v80.txt

15/02/2006 - DSA 972-1
  Subject: pdfkit.framework.
  http://www.security.unicamp.br/docs/bugs/2006/02/v79.txt

Gentoo Linux Security Advisory:
===============================

21/02/2006 - GLSA 200602-12
  Subject: GPdf: Heap overflows in included Xpdf code.
  http://www.security.unicamp.br/docs/bugs/2006/02/v88.txt

20/02/2006 - GLSA 200602-11
  Subject: OpenSSH, Dropbear: Insecure use of system() call.
  http://www.security.unicamp.br/docs/bugs/2006/02/v87.txt

18/02/2006 - GLSA 200602-10
  Subject: GnuPG: Incorrect signature verification.
  http://www.security.unicamp.br/docs/bugs/2006/02/v86.txt

16/02/2006 - GLSA 200602-09
  Subject: BomberClone: Remote execution of arbitrary code.
  http://www.security.unicamp.br/docs/bugs/2006/02/v85.txt

16/02/2006 - GLSA 200602-08
  Subject: libtasn1, GNU TLS: Security flaw in DER decoding.
  http://www.security.unicamp.br/docs/bugs/2006/02/v84.txt

Ubuntu Security Notice:
=======================

21/02/2006 - USN-256-1
  Subject: bluez-hcidump vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v95.txt

21/02/2006 - USN-255-1
  Subject: openssh vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v94.txt

21/02/2006 - USN-254-1
  Subject: noweb vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v93.txt

17/02/2006 - USN-253-1
  Subject: heimdal vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v92.txt

17/02/2006 - USN-252-1
  Subject: gnupg vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v91.txt

16/02/2006 - USN-251-1
  Subject: libtasn1-2 vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v89.txt

13/02/2006 - USN-249-1
  Subject: xpdf, poppler, kdegraphics vulnerabilities.
  http://www.security.unicamp.br/docs/bugs/2006/02/v90.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFD/L/s/UMb1l3gm8IRAt9NAJ0WtaJkzOfU4ny1dnaOH3VAHMedNwCfc0VK
Oi6FQO/i8LgQyDmKlJMUqVc=
=jY3z
-----END PGP SIGNATURE-----

From security em unicamp.br Thu Feb 23 14:43:11 2006
From: security em unicamp.br (CSIRT - UNICAMP)
Date: Thu, 23 Feb 2006 14:43:11 -0300
Subject: [SECURITY-L] Security vulnerabilities
Message-ID: <20060223174309.GA76599@unicamp.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Subscribers,

We have updated the website of the Unicamp CSIRT (Computer Security Incident Response Team) with the following vulnerability bulletins:

Conectiva Linux Security Announcement:
========================================

17/02/2006 - CLA-2006:1065
  Subject: Fix for a security flaw in apache.
  http://www.security.unicamp.br/docs/bugs/2006/02/v96.txt

Fedora Legacy Update Advisory:
==============================

18/02/2006 - FLSA:175406
  Subject: Updated Apache httpd packages fix security issues.
  http://www.security.unicamp.br/docs/bugs/2006/02/v113.txt

18/02/2006 - FLSA:152809
  Subject: Updated squid package fixes security issues.
  http://www.security.unicamp.br/docs/bugs/2006/02/v112.txt

18/02/2006 - FLSA:168935
  Subject: Updated openssh packages fix security issues.
  http://www.security.unicamp.br/docs/bugs/2006/02/v111.txt

Fedora Update Notification:
===========================

17/02/2006 - FEDORA-2006-116
  Subject: Fedora Core 4: gnupg.
  http://www.security.unicamp.br/docs/bugs/2006/02/v97.txt

HP Security Bulletin:
=====================

17/02/2006 - HPSBMA01224 SSRT051023 rev.6
  Subject: HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access.
  http://www.security.unicamp.br/docs/bugs/2006/02/v98.txt

Mandriva Linux Security Update Advisory:
========================================

21/02/2006 - MDKSA-2006:046
  Subject: tar.
  http://www.security.unicamp.br/docs/bugs/2006/02/v110.txt

21/02/2006 - MDKSA-2006:045
  Subject: MySQL.
  http://www.security.unicamp.br/docs/bugs/2006/02/v109.txt

21/02/2006 - MDKSA-2006:044
  Subject: kernel.
  http://www.security.unicamp.br/docs/bugs/2006/02/v108.txt

17/02/2006 - MDKSA-2006:043
  Subject: gnupg.
  http://www.security.unicamp.br/docs/bugs/2006/02/v107.txt

17/02/2006 - MDKSA-2006:042
  Subject: libtiff.
  http://www.security.unicamp.br/docs/bugs/2006/02/v106.txt

17/02/2006 - MDKSA-2006:041
  Subject: bluez-hcidump.
  http://www.security.unicamp.br/docs/bugs/2006/02/v105.txt

17/02/2006 - MDKSA-2006:040
  Subject: kernel.
  http://www.security.unicamp.br/docs/bugs/2006/02/v104.txt

OpenPKG Security Advisory:
==========================

19/02/2006 - OpenPKG-SA-2006.005
  Subject: tin.
  http://www.security.unicamp.br/docs/bugs/2006/02/v103.txt

19/02/2006 - OpenPKG-SA-2006.004
  Subject: postgresql.
  http://www.security.unicamp.br/docs/bugs/2006/02/v102.txt

18/02/2006 - OpenPKG-SA-2006.003
  Subject: openssh.
  http://www.security.unicamp.br/docs/bugs/2006/02/v101.txt

18/02/2006 - OpenPKG-SA-2006.002
  Subject: sudo.
  http://www.security.unicamp.br/docs/bugs/2006/02/v100.txt

18/02/2006 - OpenPKG-SA-2006.001
  Subject: gnupg.
  http://www.security.unicamp.br/docs/bugs/2006/02/v99.txt

SUSE Security Announcement:
===========================

20/02/2006 - SUSE-SA:2006:009
  Subject: gpg, liby2util.
  http://www.security.unicamp.br/docs/bugs/2006/02/v114.txt

US-CERT Technical Cyber Security Alert:
=======================================

22/02/2006 - TA06-053A
  Subject: Apple Mac OS X Safari Command Execution Vulnerability.
  http://www.security.unicamp.br/docs/bugs/2006/02/v115.txt

- --
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - UNICAMP
mailto:security at unicamp.br
http://www.security.unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFD/fQF/UMb1l3gm8IRAoE4AKDeK+oXqvkZ69WirT2/GumfMqqToQCgu7ab
AZgyfcREFhMzaoTBKgrQrog=
=WMkm
-----END PGP SIGNATURE-----