From security em unicamp.br Wed Jun 7 11:10:17 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 7 Jun 2006 11:10:17 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060607141017.GA84446@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory: ========================= 31/05/2006 - DSA 1084-1 Assunto: typespeed http://www.security.unicamp.br/docs/bugs/2006/05/v125.txt FreeBSD Security Advisory: ========================== 31/06/2006 - FreeBSD-SA-06:16.smbfs Assunto: smbfs chroot escape http://www.security.unicamp.br/docs/bugs/2006/04/v128.txt 31/06/2006 - FreeBSD-SA-06:15.ypserv Assunto: ypserv http://www.security.unicamp.br/docs/bugs/2006/04/v128.txt Gentoo Linux Security Advisory: =============================== 30/05/2006 - GLSA 200605-17 Assunto: libTIFF: Multiple vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/05/v124.txt 30/05/2006 - GLSA 200605-16 Assunto: CherryPy: Directory traversal vulnerability http://www.security.unicamp.br/docs/bugs/2006/05/v123.txt HP Security Bulletin: ===================== 31/06/2006 - HPSBUX02122 SSRT061158 rev.1 Assunto: HP-UX Mozilla Remote Execution of Arbitrary Code, Denial of Service (DoS) http://www.security.unicamp.br/docs/bugs/2006/05/v127.txt Mandriva Linux Security Update Advisory: ======================================== 30/05/2006 - MDKSA-2006:093 Assunto: dia http://www.security.unicamp.br/docs/bugs/2006/05/v122.txt SUSE Security Announcement: =========================== 31/06/2006 - SUSE-SA:2006:029 Assunto: rug http://www.security.unicamp.br/docs/bugs/2006/05/v126.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEht4V/UMb1l3gm8IRAtT8AKDB0ugOJPQ8d0Ip5MCTvpI9eDbrDwCguvdS IV3FNSF72QV0ofPgRKNB7mY= =7e71 -----END PGP SIGNATURE----- From security em unicamp.br Wed Jun 7 12:31:11 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 7 Jun 2006 12:31:11 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060607153110.GA84612@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Anúncio de Segurança do Conectiva Linux: ======================================== 07/06/2006 - CLA-2006:1075 Assunto: kaffeine http://www.security.unicamp.br/docs/bugs/2006/06/v019.txt 07/06/2006 - CLA-2006:1074 Assunto: rdesktop http://www.security.unicamp.br/docs/bugs/2006/06/v018.txt 07/06/2006 - CLA-2006:1073 Assunto: webmin http://www.security.unicamp.br/docs/bugs/2006/06/v017.txt 07/06/2006 - CLA-2006:1072 Assunto: openssh http://www.security.unicamp.br/docs/bugs/2006/06/v016.txt 07/06/2006 - CLA-2006:1071 Assunto: samba http://www.security.unicamp.br/docs/bugs/2006/06/v015.txt CAIS-Alerta: ============ 02/06/2006 - CAIS-Alerta Assunto: Multiplas vulnerabilidades em produtos Mozilla http://www.security.unicamp.br/docs/bugs/2006/06/v003.txt 02/06/2006 - CAIS-Alerta Asunto: Vulnerabilidades em produtos Symantec e F-Secure http://www.security.unicamp.br/docs/bugs/2006/06/v005.txt Debian Security Advisory: ========================= 06/06/2006 - DSA 1090-1 Assunto: spamassassin http://www.security.unicamp.br/docs/bugs/2006/06/v014.txt 03/06/2006 - DSA 1089-1 Assunto: freeradius http://www.security.unicamp.br/docs/bugs/2006/06/v009.txt 03/06/2006 - DSA 1088-1 Assunto: centericq http://www.security.unicamp.br/docs/bugs/2006/06/v008.txt 03/06/2006 - DSA 1087-1 Assunto: postgresql http://www.security.unicamp.br/docs/bugs/2006/06/v007.txt 02/06/2006 - DSA 1086-1 Assunto: xmcd http://www.security.unicamp.br/docs/bugs/2006/06/v006.txt 01/06/2006 - DSA 1085-1 Assunto: lynx-ssl http://www.security.unicamp.br/docs/bugs/2006/06/v002.txt Mandriva Linux Security Update Advisory: ======================================== 05/06/2006 - MDKSA-2006:095 Assunto: libtiff http://www.security.unicamp.br/docs/bugs/2006/06/v013.txt 01/06/2006 - MDKSA-2006:094 Assunto: evolution http://www.security.unicamp.br/docs/bugs/2006/06/v001.txt Slackware Security Advisory: ============================ 05/06/2006 - SSA:2006-155-02 Assunto: firefox/thunderbird/seamonkey http://www.security.unicamp.br/docs/bugs/2006/06/v010.txt 05/06/2006 - SSA:2006-155-01 Assunto: MySQL http://www.security.unicamp.br/docs/bugs/2006/06/v011.txt Trustix Secure Linux Security Advisory: ======================================= 05/06/2006 - #2006-0032 Assunto: kernel, postgresql http://www.security.unicamp.br/docs/bugs/2006/06/v012.txt US-CERT Technical Cyber Security Alert: ======================================= 02/06/2006 - TA06-153A Assunto: Mozilla Products Contain Multiple Vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v004.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD4DBQFEhvEH/UMb1l3gm8IRAplZAJitJA6tEKl/Ku8pdGEkEcCvOBb5AKCUOL9+ 4hGg0YHJubROOEqa50GLpQ== =hxSF -----END PGP SIGNATURE----- From security em unicamp.br Wed Jun 7 17:07:05 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 7 Jun 2006 17:07:05 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca In-Reply-To: <000e01c68a65$4804ec50$1d936a8f@prefeitura.unicamp.br> References: <20060607153110.GA84612@unicamp.br> <000e01c68a65$4804ec50$1d936a8f@prefeitura.unicamp.br> Message-ID: <20060607200705.GA84903@unicamp.br> Prezado Rafael, Esses e-mails servem pra voce manter atualizadas as maquinas da sua Unidade. Divulgamos os boletins de seguranca para que o administrador avalie e atualize suas maquinas. Caso nao queira mais receber basta se descadastrar da lista. Atenciosamente, Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security em unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc On Wed, Jun 07, 2006 at 04:05:00PM -0300, Rafael O. Jorge wrote: > poxa.... > > pra que esses e-mails? > > Rafael O. Jorge > Telefonia - Unicamp > 55 19 3788-8029 > ----- Original Message ----- > From: "CSIRT - UNICAMP" > To: > Sent: Wednesday, June 07, 2006 12:31 PM > Subject: [SECURITY-L] Vulnerabilidades de Seguranca > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Srs. Assinantes, > > > > Atualizamos o site do CSIRT (Computer Security Incident Response Team) da > Unicamp > > com os seguintes boletins de vulnerabilidades: > > > > > > Anúncio de Segurança do Conectiva Linux: > > ======================================== > > 07/06/2006 - CLA-2006:1075 > > Assunto: kaffeine > > http://www.security.unicamp.br/docs/bugs/2006/06/v019.txt > > > > 07/06/2006 - CLA-2006:1074 > > Assunto: rdesktop > > http://www.security.unicamp.br/docs/bugs/2006/06/v018.txt > > > > 07/06/2006 - CLA-2006:1073 > > Assunto: webmin > > http://www.security.unicamp.br/docs/bugs/2006/06/v017.txt > > > > 07/06/2006 - CLA-2006:1072 > > Assunto: openssh > > http://www.security.unicamp.br/docs/bugs/2006/06/v016.txt > > > > 07/06/2006 - CLA-2006:1071 > > Assunto: samba > > http://www.security.unicamp.br/docs/bugs/2006/06/v015.txt > > > > CAIS-Alerta: > > ============ > > 02/06/2006 - CAIS-Alerta > > Assunto: Multiplas vulnerabilidades em produtos Mozilla > > http://www.security.unicamp.br/docs/bugs/2006/06/v003.txt > > > > 02/06/2006 - CAIS-Alerta > > Asunto: Vulnerabilidades em produtos Symantec e F-Secure > > http://www.security.unicamp.br/docs/bugs/2006/06/v005.txt > > > > Debian Security Advisory: > > ========================= > > 06/06/2006 - DSA 1090-1 > > Assunto: spamassassin > > http://www.security.unicamp.br/docs/bugs/2006/06/v014.txt > > > > 03/06/2006 - DSA 1089-1 > > Assunto: freeradius > > http://www.security.unicamp.br/docs/bugs/2006/06/v009.txt > > > > 03/06/2006 - DSA 1088-1 > > Assunto: centericq > > http://www.security.unicamp.br/docs/bugs/2006/06/v008.txt > > > > 03/06/2006 - DSA 1087-1 > > Assunto: postgresql > > http://www.security.unicamp.br/docs/bugs/2006/06/v007.txt > > > > 02/06/2006 - DSA 1086-1 > > Assunto: xmcd > > http://www.security.unicamp.br/docs/bugs/2006/06/v006.txt > > > > 01/06/2006 - DSA 1085-1 > > Assunto: lynx-ssl > > http://www.security.unicamp.br/docs/bugs/2006/06/v002.txt > > > > Mandriva Linux Security Update Advisory: > > ======================================== > > 05/06/2006 - MDKSA-2006:095 > > Assunto: libtiff > > http://www.security.unicamp.br/docs/bugs/2006/06/v013.txt > > > > 01/06/2006 - MDKSA-2006:094 > > Assunto: evolution > > http://www.security.unicamp.br/docs/bugs/2006/06/v001.txt > > > > Slackware Security Advisory: > > ============================ > > 05/06/2006 - SSA:2006-155-02 > > Assunto: firefox/thunderbird/seamonkey > > http://www.security.unicamp.br/docs/bugs/2006/06/v010.txt > > > > 05/06/2006 - SSA:2006-155-01 > > Assunto: MySQL > > http://www.security.unicamp.br/docs/bugs/2006/06/v011.txt > > > > Trustix Secure Linux Security Advisory: > > ======================================= > > 05/06/2006 - #2006-0032 > > Assunto: kernel, postgresql > > http://www.security.unicamp.br/docs/bugs/2006/06/v012.txt > > > > US-CERT Technical Cyber Security Alert: > > ======================================= > > 02/06/2006 - TA06-153A > > Assunto: Mozilla Products Contain Multiple Vulnerabilities > > http://www.security.unicamp.br/docs/bugs/2006/06/v004.txt > > > > - -- > > Computer Security Incident Response Team - CSIRT > > Universidade Estadual de Campinas - UNICAMP > > mailto:security at unicamp.br > > http://www.security.unicamp.br > > GnuPG Public Key: http://www.security.unicamp.br/security.asc > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.2 (FreeBSD) > > > > iD4DBQFEhvEH/UMb1l3gm8IRAplZAJitJA6tEKl/Ku8pdGEkEcCvOBb5AKCUOL9+ > > 4hGg0YHJubROOEqa50GLpQ== > > =hxSF > > -----END PGP SIGNATURE----- > > _______________________________________________ > > SECURITY-L mailing list > > http://www.listas.unicamp.br/mailman/listinfo/security-l > > > From security em unicamp.br Thu Jun 8 16:45:50 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 8 Jun 2006 16:45:50 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060608194549.GA80813@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Anúncio de Segurança do Conectiva Linux: ======================================== 08/06/2006 - CLA-2006:1080 Assunto: mod_auth_pgsql http://www.security.unicamp.br/docs/bugs/2006/06/v039.txt 08/06/2006 - CLA-2006:1079 Assunto: xscreansaver http://www.security.unicamp.br/docs/bugs/2006/06/v038.txt 08/06/2006 - CLA-2006:1078 Assunto: bogofilter http://www.security.unicamp.br/docs/bugs/2006/06/v037.txt 08/06/2006 - CLA-2006:1077 Assunto: w3c-libwww http://www.security.unicamp.br/docs/bugs/2006/06/v036.txt 08/06/2006 - CLA-2006:1076 Assunto: Mplayer http://www.security.unicamp.br/docs/bugs/2006/06/v035.txt CAIS-Alerta: ============ 07/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade de execucao remota de codigo no SpamAssassin http://www.security.unicamp.br/docs/bugs/2006/06/v021.txt Fedora Legacy Update Advisory: ============================== 07/06/2006 - FLSA:190941 Assunto: Updated ipesec-tools packages fixes security issue http://www.security.unicamp.br/docs/bugs/2006/06/v028.txt 07/06/2006 - FLSA:189137-1 Assunto: Updated mozilla packages fix security issues http://www.security.unicamp.br/docs/bugs/2006/06/v026.txt 06/06/2006 - FLSA:190884 Assunto: Updated squirrelmail package fixes security issues http://www.security.unicamp.br/docs/bugs/2006/06/v029.txt 06/06/2006 - FLSA:190777 Assunto: Updated X.org packages fix security issue http://www.security.unicamp.br/docs/bugs/2006/06/v027.txt 06/06/2006 - FLSA:189137-2 Assunto: Updated firefox package fixes security issues http://www.security.unicamp.br/docs/bugs/2006/06/v030.txt Gentoo Linux Security Advisory: =============================== 07/06/2006 - GLSA 200606-06 Assunto: AWStats: Remote execution of arbitrary http://www.security.unicamp.br/docs/bugs/2006/06/v034.txt 07/06/2006 - GLSA 200606-05 Assunto: Pound: HTTP request smuggling http://www.security.unicamp.br/docs/bugs/2006/06/v024.txt 07/06/2006 - GLSA 200606-04 Assuntp: Tor Several vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v023.txt 07/06/2006 - GLSA 200606-03 Assunto: Dia Format string vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v022.txt 07/06/2006 - GLSA 200606-02 Assunto: shadow: Privilege escalation http://www.security.unicamp.br/docs/bugs/2006/06/v020.txt 07/06/2006 - GLSA 200606-01 Assunto: Opera Buffer overflow http://www.security.unicamp.br/docs/bugs/2006/06/v025.txt Mandriva Linux Security Update Advisory: ======================================== 07/06/2006 - MDKSA-2006:098 Assunto: Postgresql http://www.security.unicamp.br/docs/bugs/2006/06/v033.txt 07/06/2006 - MDKSA-2006:097 Assunto: MySQL http://www.security.unicamp.br/docs/bugs/2006/06/v032.txt 07/06/2006 - MDKSA-2006:096 Assunto: openldap http://www.security.unicamp.br/docs/bugs/2006/06/v031.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEiH4x/UMb1l3gm8IRAqyyAJ9HPoc+rgnWAoJWSdKfuEGexCV8YwCghSJA hAt8MoMIE7YJYN1fKiFXsS4= =Ue08 -----END PGP SIGNATURE----- From security em unicamp.br Mon Jun 12 11:19:31 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 12 Jun 2006 11:19:31 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060612141931.GA66129@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory: ========================= 10/06/2006 - DSA 1095-1 Assunto: freetype http://www.security.unicamp.br/docs/bugs/2006/06/v058.txt 08/06/2006 - DSA 1094-1 Assunto: gforce http://www.security.unicamp.br/docs/bugs/2006/06/v049.txt 08/06/2006 - DSA 1093-1 Assunto: xine-ui http://www.security.unicamp.br/docs/bugs/2006/06/v045.txt 08/06/2006 - DSA 1092-1 Assunto: mysql-dfsg-4.1 http://www.security.unicamp.br/docs/bugs/2006/06/v041.txt 08/06/2006 - DSA 1091-1 Assunto: tiff http://www.security.unicamp.br/docs/bugs/2006/06/v042.txt Gentoo Linux Security Advisory: =============================== 09/06/2006 - GLSA 200606-08 Assunto: WordPress: Arbitrary command execution http://www.security.unicamp.br/docs/bugs/2006/06/v053.txt 09/06/2006 - GLSA 200606-07 Assunto: Vixie Cron: Privilege Escalation http://www.security.unicamp.br/docs/bugs/2006/06/v050.txt HP Security Bulletin: ===================== 08/06/2006 - HPSBUX02090 SSRT051058 rev.2 Assunto: HP-UX Secure Shell Remote Denial of Service (DoS) http://www.security.unicamp.br/docs/bugs/2006/06/v046.txt 08/06/2006 - HPSBMA02121 SSRT061157 rev.2 Assunto: HP OpenView Storage Data Protector Remote Arbitrary Command Execution http://www.security.unicamp.br/docs/bugs/2006/06/v040.txt Trustix Secure Linux Security Advisory: ======================================= 09/06/2006 - #2006-0034 Assunto: binutils, mysql, spamassassin http://www.security.unicamp.br/docs/bugs/2006/06/v056.txt Ubuntu Security Notice: ======================= 09/06/2006 - USN-296-1 Assunto: firefox vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v057.txt 09/06/2006 - USN-288-3 Assunto: dovecot, exim4, postfix vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v054.txt 09/06/2006 - USN-288-2 Assunto: postgresql-8.1 vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v055.txt 09/06/2006 - USN-295-1 Assunto: xine-lib vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v047.txt 09/06/2006 - USN-294-1 Assunto: courier vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v048.txt 09/06/2006 - USN-293-1 Assunto: gdm vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v051.txt 09/06/2006 - USN-292-1 Assunto: binutils vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v052.txt 08/06/2006 - USN-291-1 Assunto: freetype vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/05/v042.txt 08/06/2006 - USN-289-1 Assunto: tiff vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v043.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEjXfH/UMb1l3gm8IRAvtGAKDUorSP6/aU3DyCyeKWRRfk6bAwowCeMbM3 Yc5hrtqb4KriaEFEcBdJJdA= =IQLi -----END PGP SIGNATURE----- From security em unicamp.br Wed Jun 14 09:54:41 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 14 Jun 2006 09:54:41 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060614125440.GA56076@unicamp.br> Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory: ========================= 13/06/2006 - DSA 1096-1 Assunto: webcalendar http://www.security.unicamp.br/docs/bugs/2006/06/v066.txt Gentoo Linux Security Advisory: =============================== 12/06/2006 - GLSA 200606-14 Assunto: GDM: Privilege escalation http://www.security.unicamp.br/docs/bugs/2006/06/v063.txt 11/06/2006 - GLSA 200606-13 Assunto: MySQL: SQL Injection http://www.security.unicamp.br/docs/bugs/2006/06/v062.txt 11/06/2006 - GLSA 200606-12 Assunto: Mozilla Firefox: Multiple vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v061.txt 11/06/2006 - GLSA 200606-11 Assunto: JPEG library: Denial of Service http://www.security.unicamp.br/docs/bugs/2006/06/v060.txt 11/06/2006 - GLSA 200606-10 Assunto: Cscope: Many buffer overflows http://www.security.unicamp.br/docs/bugs/2006/06/v059.txt 11/06/2006 - GLSA 200606-09 Assunto: SpamAssassin: Execution of arbitrary code http://www.security.unicamp.br/docs/bugs/2006/06/v064.txt Mandriva Linux Security Update Advisory: ======================================== 12/06/2006 - MDKSA-2006:099 Assunto: Freetype2 http://www.security.unicamp.br/docs/bugs/2006/06/v065.txt US-CERT Technical Cyber Security Alert: ======================================= 13/06/2006 - TA06-164A Assunto: Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v067.txt -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc From security em unicamp.br Mon Jun 19 16:32:36 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Mon, 19 Jun 2006 16:32:36 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060619193235.GA55388@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: CAIS-Alerta: ============ 14/06/2006 - CAIS-alerta Assunto: Vulnerabilidade na Autenticacao Mutua do RPC no Microsoft Windows http://www.security.unicamp.br/docs/bugs/2006/06/v095.txt 14/06/2006 - CAIS-alerta Assunto: Vulnerabilidade no Microsoft PowerPoint http://www.security.unicamp.br/docs/bugs/2006/06/v094.txt 14/06/2006 - CAIS-alerta Assunto: Vulnerabilidade no Windows Media Player http://www.security.unicamp.br/docs/bugs/2006/06/v088.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no Microsoft Word http://www.security.unicamp.br/docs/bugs/2006/06/v088.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no Microsoft Exchange Server OWA http://www.security.unicamp.br/docs/bugs/2006/06/v087.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no Microsoft JScript http://www.security.unicamp.br/docs/bugs/2006/06/v084.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no mecanismo de processamento de elementos graficos do Windows http://www.security.unicamp.br/docs/bugs/2006/06/v082.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no Server Message Block http://www.security.unicamp.br/docs/bugs/2006/06/v081.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no TCP/IP do Microsoft Windows http://www.security.unicamp.br/docs/bugs/2006/06/v080.txt 14/06/2006 - CAIS-Alerta Assunto: Vulnerabilidade no processamento de imagem do Microsoft Windows http://www.security.unicamp.br/docs/bugs/2006/06/v076.txt 14/06/2006 - CAIS-Alerta Assunto: Atualizacoes de seguranca para o Internet Explorer http://www.security.unicamp.br/docs/bugs/2006/06/v075.txt Debian Security Advisory: ========================= 15/06/2006 - DSA 1100-1 Assunto: wv2 http://www.security.unicamp.br/docs/bugs/2006/06/v099.txt 14/06/2006 - DSA 1099-1 Assunto: horde2 http://www.security.unicamp.br/docs/bugs/2006/06/v092.txt 14/06/2006 - DSA 1098-1 Assunto: horde3 http://www.security.unicamp.br/docs/bugs/2006/06/v085.txt 14/06/2006 - DSA 1097-1 Assunto: kernel-source-2.4.27 http://www.security.unicamp.br/docs/bugs/2006/06/v078.txt FreeBSD Security Advisory: ========================== 14/06/2006 - FreeBSD Security Advisory FreeBSD-SA-06:17 Assunto: sendmail http://www.security.unicamp.br/docs/bugs/2006/06/v093.txt Gentoo Linux Security Advisory: =============================== 19/06/2006 - GLSA 200606-21 Assunto: Mozilla Thunderbird: Multiple vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v113.txt 15/06/2006 - GLSA 200606-19 Assunto: Sendmail: Denial of Service http://www.security.unicamp.br/docs/bugs/2006/06/v103.txt 15/06/2006 - GLSA 200606-18 Assunto: PAM-MySQL: Multiple vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v101.txt 15/06/2006 - GLSA 200606-17 Assunto: OpenLDAP: Buffer overflow http://www.security.unicamp.br/docs/bugs/2006/06/v102.txt 14/06/2006 - GLSA 200606-16 Assunto: DokuWiki: PHP code injection http://www.security.unicamp.br/docs/bugs/2006/06/v074.txt 14/06/2006 - GLSA 200606-15 Assunto: Asterisk: IAX2 video frame buffer overflow http://www.security.unicamp.br/docs/bugs/2006/06/v077.txt HP Security Bulletin: ===================== 19/06/2006 - HPSBTU02116 SSRT061135 rev.2 Assunto: HP Tru64 UNIX and HP Internet Express for Tru64 UNIX Running sendmail, Remote Execution of Arbitrary Code or Denial of Service (DoS) http://www.security.unicamp.br/docs/bugs/2006/06/v112.txt 16/06/2006 - HPSBUX02115 SSRT061077 rev.1 Assunto: HP-UX running Support Tools Manager (xstm, cstm, stm)Local Denial of Service (DoS) http://www.security.unicamp.br/docs/bugs/2006/06/v106.txt KDE Security Advisories: ======================== 14/06/2006 Assunto: KDM symlink attack vulnerability http://www.security.unicamp.br/docs/bugs/2006/03/v079.txt Mandriva Linux Security Update Advisory: ======================================== 15/06/2006 - MDKSA-2006:106 Assunto: mdkkdm http://www.security.unicamp.br/docs/bugs/2006/06/v108.txt 15/06/2006 - MDKSA-2006:105 Assunto: kdebase http://www.security.unicamp.br/docs/bugs/2006/06/v107.txt 15/06/2006 - MDKSA-2006:104 Assunto: sendmail http://www.security.unicamp.br/docs/bugs/2006/06/v098.txt 14/06/2006 - MDKSA-2006:103 Assunto: spamassassin http://www.security.unicamp.br/docs/bugs/2006/06/v089.txt 14/06/2006 - MDKSA-2006:102 Assunto: libtiff http://www.security.unicamp.br/docs/bugs/2006/06/v086.txt 13/06/2006 - MDKSA-2006:1000 Assunto: gdm http://www.security.unicamp.br/docs/bugs/2006/06/v073.txt 13/06/2006 - MDKSA-2006:099-1 Assunto: Freetype2 http://www.security.unicamp.br/docs/bugs/2006/06/v072.txt Microsoft Security Bulletins: ============================= 13/06/2006 Assunto: Microsoft Security Bulletin Re-Release http://www.security.unicamp.br/docs/bugs/2006/06/v111.txt 13/06/2006 Assunto: Microsoft Security Bulletin Summary for June 2006 http://www.security.unicamp.br/docs/bugs/2006/06/v110.txt Slackware Security Advisory: ============================ 15/06/2006 - SSA:2006-166-01 Assunto: sendmail http://www.security.unicamp.br/docs/bugs/2006/06/v097.txt Trustix Secure Linux Security Advisory: ======================================= 16/06/2006 - #2006-0036 Assunto: fcron, libtiff http://www.security.unicamp.br/docs/bugs/2006/06/v104.txt Ubuntu Security Notice: ======================= 16/06/2006 - USN-303-1 Assunto: mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v105.txt 15/06/2006 - USN-297-2 Assunto: mozilla-thunderbird, thunderbird-quickfile updates http://www.security.unicamp.br/docs/bugs/2006/06/v100.txt 14/06/2006 - USN-301-1 Assunto: kdebase vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v091.txt 14/06/2006 - USN-300-1 Assunto: wv2 vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v096.txt 13/06/2006 - USN-299-1 Assunto: dhcdbd vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v071.txt 13/06/2006 - USN-298-1 Assunto: libgd2 vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v070.txt 13/06/2006 - USN-288-4 Assunto: dovecot regression http://www.security.unicamp.br/docs/bugs/2006/06/v069.txt 13/06/2006 - USN-297-1 Assunto: mozilla-thunderbird vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v068.txt US-CERT Technical Cyber Security Alert: ======================================= 16/06/2006 - TA06-167A Assunto: Microsoft Excel Vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v109.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFElvuT/UMb1l3gm8IRAqwbAJ9WUU5S1WSJ5yy/pBSJ4tyA2oV3JQCgitgC pzFm8DyCD5UeKfqpcsdBe54= =2+Im -----END PGP SIGNATURE----- From security em unicamp.br Fri Jun 23 16:24:03 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Fri, 23 Jun 2006 16:24:03 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060623192403.GA75690@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory: ========================= 23/06/2006 - DSA 1101-1 Assunto: courier http://www.security.unicamp.br/docs/bugs/2006/06/v121.txt Gentoo Linux Security Advisory: =============================== 22/06/2006 - GLSA 200606-23 Assunto: KDM: Symlink vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v120.txt 22/06/2006 - GLSA 200606-22 Assunto: aRts: Privilege escalation http://www.security.unicamp.br/docs/bugs/2006/06/v119.txt Mandriva Linux Security Update Advisory: ======================================== 20/06/2006 - MDKSA-2006:110 Assunto: gnupg http://www.security.unicamp.br/docs/bugs/2006/06/v118.txt 20/06/2006 - MDKSA-2006:109 Assunto: wv2 http://www.security.unicamp.br/docs/bugs/2006/06/v117.txt 20/06/2006 - MDKSA-2006:108 Assunto: xine-lib http://www.security.unicamp.br/docs/bugs/2006/06/v116.txt 20/06/2006 - MDKSA-2006:107 Assunto: arts http://www.security.unicamp.br/docs/bugs/2006/06/v115.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEnD+Y/UMb1l3gm8IRAqNvAKC6IlD7U1XnzQ/7TFcmoFBE56xGuwCfZOA5 QlXh4pJXrDk5dPgIy4gozww= =Ggon -----END PGP SIGNATURE----- From security em unicamp.br Wed Jun 28 09:30:52 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 28 Jun 2006 09:30:52 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060628123051.GA95527@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Debian Security Advisory: ========================= 27/06/2006 - DSA 1103-1 Assunto: kernel-source-2.6.8 http://www.security.unicamp.br/docs/bugs/2006/06/v132.txt 26/06/2006 - DSA 1101-1 Assunto: pinball http://www.security.unicamp.br/docs/bugs/2006/06/v125.txt Gentoo Linux Security Advisory: =============================== 26/06/2006 - GLSA 200606-26 Assunto: EnergyMech: Denial of Service http://www.security.unicamp.br/docs/bugs/2006/06/v128.txt 26/06/2006 - GLSA 200606-25 Assunto: Hashcash: Possible heap overflow http://www.security.unicamp.br/docs/bugs/2006/06/v127.txt 23/06/2006 - GLSA 200606-24 Assunto: wv2: Integer overflow http://www.security.unicamp.br/docs/bugs/2006/06/v124.txt HP Security Bulletin: ===================== 23/06/2006 - HPSBUX02127 SSRT051056 - rev.1 Assunto: HP-UX Kernel Local Denial of Service (DoS) http://www.security.unicamp.br/docs/bugs/2006/06/v122.txt Mandriva Linux Security Update Advisory: ======================================== 23/06/2006 - MDKSA-2006:111 Assunto: MySQL http://www.security.unicamp.br/docs/bugs/2006/06/v130.txt OpenPKG Security Advisory: ========================== 26/06/2006 - OpenPKG-SA-2006.010 Assunto: gnupg http://www.security.unicamp.br/docs/bugs/2006/06/v129.txt Slackware Security Advisory: ============================ 28/06/2006 - SSA:2006-178-03 Assunto: arts http://www.security.unicamp.br/docs/bugs/2006/06/v136.txt 28/06/2006 - SSA:2006-178-02 Assunto: gnupg DoS http://www.security.unicamp.br/docs/bugs/2006/06/v135.txt 28/06/2006 - SSA:2006-178-01 Assunto: kdebase kdm local file reading vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v134.txt Trustix Secure Linux Security Advisory: ======================================= 23/06/2006 - #2006-0037 Assunto: kernel, netpbm http://www.security.unicamp.br/docs/bugs/2006/06/v123.txt Ubuntu Security Notice: ======================= 27/06/2006 - USN-306-1 Assunto: mysql-dfsg-4.1 vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v131.txt 27/06/2006 - USN-305-1 Assunto: openldap2, openldap2.2 vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v133.txt 26/06/2006 - USN-304-1 Assunto: gnupg vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v126.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEonYj/UMb1l3gm8IRApeKAJ0cPF5200qS9K0JS9zf2nZY5heVJwCgzt1x Ax8bfpd90VY2rLcv+c6dqvA= =xxzy -----END PGP SIGNATURE----- From security em unicamp.br Thu Jun 29 16:57:05 2006 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 29 Jun 2006 16:57:05 -0300 Subject: [SECURITY-L] Vulnerabilidades de Seguranca Message-ID: <20060629195705.GA1755@unicamp.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Srs. Assinantes, Atualizamos o site do CSIRT (Computer Security Incident Response Team) da Unicamp com os seguintes boletins de vulnerabilidades: Cisco Security Advisory: ======================== 28/06/2006 - Cisco Security Advisory Assunto: Access Point Web-Browser Interface Vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v144.txt Gentoo Linux Security Advisory: =============================== 29/06/2006 - GLSA 200606-29 Assunto: Tikiwiki: SQL injection and multiple XSS vulnerabilities http://www.security.unicamp.br/docs/bugs/2006/06/v147.txt 29/06/2006 - GLSA 200606-28 Assunto: Horde Web Application Framework: XSS vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v149.txt 28/06/2006 - GLSA 200606-27 Assunto: Mutt: Buffer overflow http://www.security.unicamp.br/docs/bugs/2006/06/v145.txt Mandriva Linux Security Update Advisory: ======================================== 28/06/2006 - MDKSA-2006:115 Assunto: mutt http://www.security.unicamp.br/docs/bugs/2006/06/v148.txt 27/06/2006 - MDKSA-2006:114 Assunto: libwmf http://www.security.unicamp.br/docs/bugs/2006/06/v140.txt 27/06/2006 - MDKSA-2006:113 Assunto: tetex http://www.security.unicamp.br/docs/bugs/2006/06/v139.txt 27/06/2006 - MDKSA-2006:112 Assunto: gd http://www.security.unicamp.br/docs/bugs/2006/06/v138.txt Microsoft Security Bulletins: ============================= 27/06/2006 Assunto: Microsoft Security Bulletin Re-Release http://www.security.unicamp.br/docs/bugs/2006/06/v146.txt OpenPKG Security Advisory: ========================== 28/06/2006 - OpenPKG-SA-2006.011 Assunto: png http://www.security.unicamp.br/docs/bugs/2006/06/v143.txt SUSE Security Announcement: =========================== 27/06/2006 - SUSE-SA:2006:037 Assunto: freetype2 http://www.security.unicamp.br/docs/bugs/2006/06/v137.txt Ubuntu Security Notice: ======================= 28/06/2006 - USN-307-1 Assunto: mutt vulnerability http://www.security.unicamp.br/docs/bugs/2006/06/v141.txt - -- Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - UNICAMP mailto:security at unicamp.br http://www.security.unicamp.br GnuPG Public Key: http://www.security.unicamp.br/security.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEpDBe/UMb1l3gm8IRAldWAJ4oLBeomjQlaJpQl3oODnux4rSHXACg3JVg E0cXEJbMUvZ8mCulQ9JiOoE= =Tn1y -----END PGP SIGNATURE-----