From security at unicamp.br Thu Sep 3 17:30:45 2015
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 3 Sep 2015 17:30:45 -0300
Subject: [SECURITY-L] CSIRT Unicamp: site update - 03/09/2015
Message-ID: <20150903203045.GI11536@unicamp.br>

Dear all,

The CSIRT Unicamp site has been updated with the publication:

Data hijacking: Ransomware
https://www.security.unicamp.br/99-ransomware-arquivos-sequestrados.html

Regards,

Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
E-mail: security at unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or +55 19 3521-2290
INOC-DBA-BR: 1251*830

From security at unicamp.br Wed Sep 9 09:15:17 2015
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 9 Sep 2015 09:15:17 -0300
Subject: [SECURITY-L] Joomla! Security News
Message-ID: <20150909121517.GA1277@unicamp.br>

----- Forwarded message from Security Centre -----

Date: Wed, 09 Sep 2015 12:09:19 +0000
From: Security Centre
To: security at unicamp.br
Subject: Joomla! Security News

Security Centre
///////////////////////////////////////////

[20150908] - Core - XSS Vulnerability

Posted: 08 Sep 2015 07:25 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/CARbJMNz3LY/626-20150908-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: requested

Description

Inadequate escaping leads to XSS vulnerability in login module.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.4.3

Solution

Upgrade to version 3.4.4

Contact

The JSST at the Joomla! Security Center.

Reported By: cfreer
----- End forwarded message -----

From security at unicamp.br Thu Sep 10 11:41:55 2015
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 10 Sep 2015 11:41:55 -0300
Subject: [SECURITY-L] CAIS-Alerta: Summary of the Microsoft Security Bulletins - September/2015
Message-ID: <20150910144155.GA1255@unicamp.br>

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca -----

Date: Thu, 10 Sep 2015 10:51:59 -0300 (BRT)
From: Centro de Atendimento a Incidentes de Seguranca
To: pop-seg at cais.rnp.br, rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Subject: CAIS-Alerta: Summary of the Microsoft Security Bulletins - September/2015

Dear all,

Microsoft published 12 security bulletins on 8 September 2015 that
address a total of 55 vulnerabilities in the company's products.
Exploitation of these vulnerabilities allows remote code execution,
denial of service, elevation of privilege, information disclosure and
security feature bypass.

As of the publication of this alert, no exploit code has been released
for the listed vulnerabilities.

Severity

Critical

· MS15-094 - Cumulative security update for Internet Explorer
· MS15-095 - Cumulative security update for Microsoft Edge
· MS15-097 - Vulnerabilities in the Microsoft Graphics component could allow remote code execution
· MS15-098 - Vulnerability in Windows Journal could allow remote code execution

Important

· MS15-096 - Vulnerability in Active Directory could allow denial of service
· MS15-099 - Vulnerabilities in Microsoft Office could allow remote code execution
· MS15-100 - Vulnerability in Windows Media Center could allow remote code execution
· MS15-101 - Vulnerabilities in .NET Framework could allow elevation of privilege
· MS15-102 - Vulnerability in Windows Task Scheduler could allow elevation of privilege
· MS15-103 - Vulnerability in Microsoft Exchange Server could allow information disclosure
· MS15-104 - Vulnerabilities in Skype for Business Server and Lync Server could allow elevation of privilege
· MS15-105 - Vulnerability in Windows Hyper-V could allow security feature bypass

Moderate

No bulletins

Low

No bulletins

The vulnerability severity rating system adopted by CAIS is Microsoft's
own. CAIS recommends applying the fixes for vulnerabilities rated
critical and important. For fixes for vulnerabilities rated moderate,
CAIS recommends that at least the mitigation recommendations be
followed.

· Critical - Vulnerabilities whose exploitation could allow the
  propagation of a worm without the need for user interaction.
· Important - Vulnerabilities whose exploitation could result in
  compromise of the confidentiality, integrity or availability of user
  data, or of the integrity or availability of processing resources.
· Moderate - exploitation is significantly mitigated by factors such as
  default configuration, auditing or difficulty of exploitation.
· Low - a vulnerability whose exploitation is extremely difficult or
  whose impact is minimal.

Available fixes

It is recommended to update systems to the versions available at:

Microsoft Update
https://www.update.microsoft.com/microsoftupdate

Microsoft Download Center
http://www.microsoft.com/en-us/download/default.aspx

More information

Microsoft Security Bulletin Summary for September 2015
https://technet.microsoft.com/pt-br/library/security/ms15-sep.aspx

Microsoft Security TechCenter
https://technet.microsoft.com/pt-br/security

Microsoft Security Response Center - MSRC
https://technet.microsoft.com/pt-br/security/dn440717

Microsoft Security Research & Defense - MSRD
http://blogs.technet.com/b/srd/

Microsoft Safety & Security Center
https://www.microsoft.com/pt-br/security/default.aspx

CVE identifier (http://cve.mitre.org):

CVE-2015-2483,CVE-2015-2498,CVE-2015-2506,CVE-2015-2513
CVE-2015-2526,CVE-2015-2484,CVE-2015-2499,CVE-2015-2507
CVE-2015-2514,CVE-2015-2524,CVE-2015-2485,CVE-2015-2500
CVE-2015-2508,CVE-2015-2516,CVE-2015-2525,CVE-2015-2486
CVE-2015-2501,CVE-2015-2510,CVE-2015-2519,CVE-2015-2528
CVE-2015-2487,CVE-2015-2541,CVE-2015-2511,CVE-2015-2530
CVE-2015-2505,CVE-2015-2489,CVE-2015-2542,CVE-2015-2512
CVE-2015-2520,CVE-2015-2543,CVE-2015-2490,CVE-2015-2485
CVE-2015-2517,CVE-2015-2521,CVE-2015-2544,CVE-2015-2491
CVE-2015-2486,CVE-2015-2518,CVE-2015-2522,CVE-2015-2531
CVE-2015-2492,CVE-2015-2494,CVE-2015-2527,CVE-2015-2523
CVE-2015-2532,CVE-2015-2493,CVE-2015-2542,CVE-2015-2529
CVE-2015-2509,CVE-2015-2536,CVE-2015-2494,CVE-2015-2535
CVE-2015-2546,CVE-2015-2504,CVE-2015-2534

Regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br                                          #
# http://www.rnp.br/servicos/seguranca                         #
# Tel. 019-37873300 Fax. 019-37873301                          #
# PGP key available at http://www.cais.rnp.br/cais-pgp.key     #
################################################################

----- End forwarded message -----

From security at unicamp.br Wed Sep 16 16:44:37 2015
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Wed, 16 Sep 2015 16:44:37 -0300
Subject: [SECURITY-L] [security-news@drupal.org: [Security-news] Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148]
Message-ID: <20150916194437.GB30047@unicamp.br>

----- Forwarded message from security-news at drupal.org -----

Date: Wed, 16 Sep 2015 19:32:47 +0000 (UTC)
From: security-news at drupal.org
To: security-news at drupal.org
Subject: [Security-news] Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148
X-Mailer: Drupal

View online: https://www.drupal.org/node/2569577

   * Advisory ID: DRUPAL-SA-CONTRIB-2015-148
   * Project: Drupal 7 driver for SQL Server and SQL Azure [1] (third-party
     module)
   * Version: 7.x
   * Date: 2015-September-16
   * Security risk: 10/25 (Moderately Critical)
     AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
   * Vulnerability: SQL Injection

-------- DESCRIPTION ---------------------------------------------------------

Drupal 7 driver for SQL Server and SQL Azure module has a SQL injection
vulnerability.

Certain characters aren't properly escaped by the Drupal database API. A
malicious user may be able to access restricted information by performing a
specially-crafted search.

Only sites that use contrib or custom modules which rely on the db_like()
function may be affected.

-------- CVE IDENTIFIER(S) ISSUED --------------------------------------------

   * /A CVE identifier [3] will be requested, and added upon issuance, in
     accordance with Drupal Security Team processes./

-------- VERSIONS AFFECTED ---------------------------------------------------

   * Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x versions prior to
     7.x-1.4

Drupal core is not affected. If you do not use the contributed Drupal 7 driver
for SQL Server and SQL Azure [4] module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

   * If you use the Drupal 7 driver for SQL Server and SQL Azure module for
     Drupal 7.x-1.x, you can upgrade to Drupal 7 driver for SQL Server and
     SQL Azure 7.x-1.4 [5]
   * If you use the Drupal 7 driver for SQL Server and SQL Azure module for
     Drupal 7.x-2.x, you can upgrade to Drupal 7 driver for SQL Server and
     SQL Azure 7.x-2.0 [6]

Although a 7.x-1.4 version has been released the 7.x-1.x branch is currently
unsupported and not maintained.

Also see the Drupal 7 driver for SQL Server and SQL Azure [7] project page.

-------- REPORTED BY ---------------------------------------------------------

   * Fabio Epifani [8]

-------- FIXED BY ------------------------------------------------------------

   * David Garcia [9] the module maintainer
   * Fabio Epifani [10]

-------- COORDINATED BY ------------------------------------------------------

   * Pere Orga [11] of the Drupal Security Team
   * Michael Hess [12] of the Drupal Security Team

-------- CONTACT AND MORE INFORMATION ----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [13].

Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [17]

[1] https://www.drupal.org/project/sqlsrv
[2] https://www.drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] https://www.drupal.org/project/sqlsrv
[5] https://www.drupal.org/node/2569003
[6] https://www.drupal.org/node/2569005
[7] https://www.drupal.org/project/sqlsrv
[8] https://www.drupal.org/user/2840771
[9] https://www.drupal.org/user/696200
[10] https://www.drupal.org/user/2840771
[11] https://www.drupal.org/user/2301194
[12] https://www.drupal.org/u/mlhess
[13] https://www.drupal.org/contact
[14] https://www.drupal.org/security-team
[15] https://www.drupal.org/writing-secure-code
[16] https://www.drupal.org/security/secure-configuration
[17] https://twitter.com/drupalsecurity

----- End forwarded message -----

From security at unicamp.br Mon Sep 21 16:41:50 2015
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Mon, 21 Sep 2015 16:41:50 -0300
Subject: [SECURITY-L] [SECURITY] [DSA 3364-1] linux security update
Message-ID: <20150921194150.GD24093@unicamp.br>

-------------------------------------------------------------------------
Debian Security Advisory DSA-3364-1                security at debian.org
https://www.debian.org/security/                            Ben Hutchings
September 21, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2015-0272 CVE-2015-2925 CVE-2015-5156 CVE-2015-6252
                 CVE-2015-6937
Debian Bug     : 796036

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation or denial of service.

CVE-2015-0272

    It was discovered that NetworkManager would set IPv6 MTUs based on
    the values received in IPv6 RAs (Router Advertisements), without
    sufficiently validating these values.
    A remote attacker could exploit this attack to disable IPv6
    connectivity. This has been mitigated by adding validation in the
    kernel.

CVE-2015-2925

    Jann Horn discovered that when a subdirectory of a filesystem is
    bind-mounted into a container that has its own user and mount
    namespaces, a process with CAP_SYS_ADMIN capability in the user
    namespace can access files outside of the subdirectory. The
    default Debian configuration mitigated this as it does not allow
    unprivileged users to create new user namespaces.

CVE-2015-5156

    Jason Wang discovered that when a virtio_net device is connected
    to a bridge in the same VM, a series of TCP packets forwarded
    through the bridge may cause a heap buffer overflow. A remote
    attacker could use this to cause a denial of service (crash) or
    possibly for privilege escalation.

CVE-2015-6252

    Michael S. Tsirkin of Red Hat Engineering found that the vhost
    driver leaked file descriptors passed to it with the
    VHOST_SET_LOG_FD ioctl command. A privileged local user with access
    to the /dev/vhost-net file, either directly or via libvirt, could
    use this to cause a denial of service (hang or crash).

CVE-2015-6937

    It was found that the Reliable Datagram Sockets (RDS) protocol
    implementation did not verify that an underlying transport exists
    when creating a connection. Depending on how a local RDS
    application initialised its sockets, a remote attacker might be
    able to cause a denial of service (crash) by sending a crafted
    packet.

#796036

    Xavier Chantry discovered that the patch provided by the aufs
    project to correct behaviour of memory-mapped files from an aufs
    mount introduced a race condition in the msync() system call.
    Ben Hutchings found that it also introduced a similar bug in the
    madvise_remove() function. A local attacker could use this to
    cause a denial of service or possibly for privilege escalation.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.68-1+deb7u4.
CVE-2015-2925 and #796036 do not affect the wheezy distribution.

For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt11-1+deb8u4.

We recommend that you upgrade your linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce at lists.debian.org

----- End forwarded message -----
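
Added example, not part of the forwarded advisory and not the kernel patch it mentions: a C illustration of the kind of validation the CVE-2015-0272 entry refers to, applied to the MTU option carried in a Router Advertisement. The function names, the accepted range (the IPv6 minimum MTU of 1280 up to the link MTU), the keep-current fallback and the sample option bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ND_OPT_MTU   5      /* MTU option type in Neighbor Discovery (RFC 4861) */
#define IPV6_MIN_MTU 1280u  /* smallest MTU an IPv6 link may have */

/* Constructed sample option areas (not captured traffic). */
static const uint8_t RA_OK[]    = {5, 1, 0, 0, 0x00, 0x00, 0x05, 0xDC}; /* 1500 */
static const uint8_t RA_SMALL[] = {5, 1, 0, 0, 0x00, 0x00, 0x00, 0x40}; /* 64 */
static const uint8_t RA_HUGE[]  = {1, 1, 2, 0, 0, 0, 0, 1, /* link-layer address option */
                                   5, 1, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};
static const uint8_t RA_ZERO[]  = {5, 0, 0, 0, 0x00, 0x00, 0x05, 0xDC}; /* length 0 */

/* Return the MTU carried in the RA options, or 0 if absent or malformed. */
static uint32_t ra_advertised_mtu(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    while (len - off >= 2) {
        size_t optlen = (size_t)opts[off + 1] * 8;  /* length is in 8-byte units */
        if (optlen == 0 || optlen > len - off)
            return 0;                               /* zero-length or truncated option */
        if (opts[off] == ND_OPT_MTU) {
            const uint8_t *p = opts + off + 4;      /* skip type, length, reserved */
            if (optlen != 8)
                return 0;
            return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
        }
        off += optlen;
    }
    return 0;
}

/* Apply the advertised MTU only inside [IPV6_MIN_MTU, link_mtu]; else keep current. */
static uint32_t select_ipv6_mtu(uint32_t current, uint32_t link_mtu,
                                const uint8_t *opts, size_t len)
{
    uint32_t adv = ra_advertised_mtu(opts, len);
    return (adv >= IPV6_MIN_MTU && adv <= link_mtu) ? adv : current;
}

int main(void)
{
    printf("%u %u %u %u\n", (unsigned)select_ipv6_mtu(9000, 9000, RA_OK, sizeof RA_OK),
           (unsigned)select_ipv6_mtu(1500, 1500, RA_SMALL, sizeof RA_SMALL),
           (unsigned)select_ipv6_mtu(1500, 1500, RA_HUGE, sizeof RA_HUGE),
           (unsigned)select_ipv6_mtu(1400, 1500, RA_ZERO, sizeof RA_ZERO));
    return 0;
}
```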