From security at unicamp.br Thu Jun 2 16:48:55 2016
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 2 Jun 2016 16:48:55 -0300
Subject: [SECURITY-L] [marc.deslauriers@canonical.com: [USN-2991-1] nginx vulnerability]
Message-ID: <20160602194855.GF30535@unicamp.br>

----- Forwarded message from Marc Deslauriers -----

Date: Thu, 2 Jun 2016 14:08:29 -0400
From: Marc Deslauriers
To: ubuntu-security-announce at lists.ubuntu.com
Subject: [USN-2991-1] nginx vulnerability

==========================================================================
Ubuntu Security Notice USN-2991-1
June 02, 2016

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

nginx could be made to crash if it received specially crafted network traffic.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  nginx-core    1.10.0-0ubuntu0.16.04.2
  nginx-extras  1.10.0-0ubuntu0.16.04.2
  nginx-full    1.10.0-0ubuntu0.16.04.2
  nginx-light   1.10.0-0ubuntu0.16.04.2

Ubuntu 15.10:
  nginx-core    1.9.3-1ubuntu1.2
  nginx-extras  1.9.3-1ubuntu1.2
  nginx-full    1.9.3-1ubuntu1.2
  nginx-light   1.9.3-1ubuntu1.2

Ubuntu 14.04 LTS:
  nginx-core    1.4.6-1ubuntu3.5
  nginx-extras  1.4.6-1ubuntu3.5
  nginx-full    1.4.6-1ubuntu3.5
  nginx-light   1.4.6-1ubuntu3.5

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2991-1
  CVE-2016-4450

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5

----- End forwarded message -----


From security at unicamp.br Mon Jun 6 07:41:37 2016
From: security at unicamp.br (CSIRT Unicamp)
Date: Mon, 6 Jun 2016 07:41:37 -0300
Subject: [SECURITY-L] [DSA 3595-1] mariadb-10.0 security update
Message-ID: <57555361.9060307@unicamp.br>

-------- Forwarded message --------
Subject: [SECURITY] [DSA 3595-1] mariadb-10.0 security update
Resent-Date: Sun, 5 Jun 2016 19:51:52 +0000 (UTC)
Resent-From: debian-security-announce at lists.debian.org
Date: Sun, 05 Jun 2016 19:51:35 +0000
From: Salvatore Bonaccorso
Reply-To: debian-security at lists.debian.org
To: debian-security-announce at lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-3595-1                   security at debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mariadb-10.0
CVE ID         : CVE-2016-0640 CVE-2016-0641 CVE-2016-0643 CVE-2016-0644
                 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649
                 CVE-2016-0650 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668
Debian Bug     : 823325

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25.
Please see the MariaDB 10.0 Release Notes for further details:

https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/

For the stable distribution (jessie), these problems have been fixed in version 10.0.25-0+deb8u1.

We recommend that you upgrade your mariadb-10.0 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/


From security at unicamp.br Thu Jun 9 09:33:35 2016
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 9 Jun 2016 09:33:35 -0300
Subject: [SECURITY-L] [security-news@drupal.org: [Security-news] REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033]
Message-ID: <20160609123335.GC28507@unicamp.br>

----- Forwarded message from security-news at drupal.org -----

Date: Wed, 8 Jun 2016 19:33:27 +0000 (UTC)
From: security-news at drupal.org
To: security-news at drupal.org
Subject: [Security-news] REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

View online: https://www.drupal.org/node/2744889

* Advisory ID: DRUPAL-SA-CONTRIB-2016-033
* Project: REST/JSON [1] (third-party module)
* Version: 7.x
* Date: 2016-June-08
* Security risk: 19/25 (Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All [2]
* Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities

-------- DESCRIPTION ---------------------------------------------------------

This module enables you to expose content, users and comments via a JSON API.
The module contains multiple vulnerabilities, including:

* Node access bypass
* Comment access bypass
* User enumeration
* Field access bypass
* User registration bypass
* Blocked user login
* Session name guessing
* Session enumeration

-------- CVE IDENTIFIER(S) ISSUED --------------------------------------------

* /A CVE identifier [3] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./

-------- VERSIONS AFFECTED ---------------------------------------------------

* All 7.x-1.x versions

Drupal core is not affected. If you do not use the contributed REST/JSON [4] module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

If you use the REST JSON module for Drupal 7.x you should uninstall it.

Also see the REST/JSON [5] project page.

-------- REPORTED BY ---------------------------------------------------------

* Lee Rowlands [6] of the Drupal Security Team
* Ben Dougherty [7] of the Drupal Security Team

-------- FIXED BY ------------------------------------------------------------

Not applicable

-------- COORDINATED BY ------------------------------------------------------

* Lee Rowlands [8] of the Drupal Security Team

-------- CONTACT AND MORE INFORMATION ----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact [9].

Learn more about the Drupal Security team and their policies [10], writing secure code for Drupal [11], and securing your site [12].

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [13]

[1] https://www.drupal.org/project/rest_json
[2] https://www.drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] https://www.drupal.org/project/rest_json
[5] https://www.drupal.org/project/rest_json
[6] https://www.drupal.org/u/larowlan
[7] https://www.drupal.org/u/benjy
[8] https://www.drupal.org/u/larowlan
[9] https://www.drupal.org/contact
[10] https://www.drupal.org/security-team
[11] https://www.drupal.org/writing-secure-code
[12] https://www.drupal.org/security/secure-configuration
[13] https://twitter.com/drupalsecurity

----- End forwarded message -----


From security at unicamp.br Thu Jun 16 07:26:50 2016
From: security at unicamp.br (CSIRT Unicamp)
Date: Thu, 16 Jun 2016 07:26:50 -0300
Subject: [SECURITY-L] [Security-news] Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002
Message-ID: <57627EEA.3030908@unicamp.br>

-------- Forwarded message --------
Subject: [Security-news] Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002
Date: Wed, 15 Jun 2016 20:27:21 +0000 (UTC)
From: security-news at drupal.org
Reply-To: noreply at drupal.org
To: security-news at drupal.org

View online: https://www.drupal.org/SA-CORE-2016-002

* Advisory ID: DRUPAL-SA-CORE-2016-002
* Project: Drupal core [1]
* Version: 7.x, 8.x
* Date: 2016-June-15
* Security risk: 11/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2]
* Vulnerability: Access bypass, Multiple vulnerabilities

-------- DESCRIPTION ---------------------------------------------------------

....
Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical)

A vulnerability exists in the User module, where if some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result in the user gaining administrative access.

This issue is mitigated by the fact that it requires contributed or custom code that performs a form rebuild during submission of the user profile form.

.... Views can allow unauthorized users to see Statistics information (Views module - Drupal 8 - Less Critical)

An access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view.

This issue is mitigated by the fact that the view must be configured to show a "Content statistics" field, such as "Total views", "Views today" or "Last visit".

The same vulnerability exists in the Drupal 7 Views module (see SA-CONTRIB-2016-036 [3]).

-------- CVE IDENTIFIER(S) ISSUED --------------------------------------------

* /A CVE identifier [4] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./

-------- VERSIONS AFFECTED ---------------------------------------------------

* Drupal core 7.x versions prior to 7.44
* Drupal core 8.x versions prior to 8.1.3

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

* If you use Drupal 7.x, upgrade to Drupal core 7.44
* If you use Drupal 8.x, upgrade to Drupal core 8.1.3

Also see the Drupal core [5] project page.

-------- REPORTED BY ---------------------------------------------------------

Saving user accounts can sometimes grant the user all roles:
* alfaguru [6]

Views can allow unauthorized users to see Statistics information:
* Nickolay Leshchev [7]

-------- FIXED BY ------------------------------------------------------------

Saving user accounts can sometimes grant the user all roles:
* Ben Dougherty [8] of the Drupal Security Team
* Balazs Nagykekesi [9]
* David Rothstein [10] of the Drupal Security Team
* Lee Rowlands [11] of the Drupal Security Team
* Stefan Ruijsenaars [12] of the Drupal Security Team
* vlad.k [13]
* Peter Wolanin [14] of the Drupal Security Team

Views can allow unauthorized users to see Statistics information:
* Nathaniel Catchpole [15] of the Drupal Security Team
* Greg Knaddison [16] of the Drupal Security Team
* Nickolay Leshchev [17]
* Stefan Ruijsenaars [18] of the Drupal Security Team
* David Snopek [19] of the Drupal Security Team
* Daniel Wehner [20]
* xjm [21] of the Drupal Security Team

-------- COORDINATED BY ------------------------------------------------------

The Drupal Security Team

-------- CONTACT AND MORE INFORMATION ----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact [22].

Learn more about the Drupal Security team and their policies [23], writing secure code for Drupal [24], and securing your site [25].

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [26]

[1] https://www.drupal.org/project/drupal
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/2749333
[4] http://cve.mitre.org/
[5] https://www.drupal.org/project/drupal
[6] https://www.drupal.org/user/112814
[7] https://www.drupal.org/user/982724
[8] https://www.drupal.org/user/1852732
[9] https://www.drupal.org/user/21231
[10] https://www.drupal.org/user/124982
[11] https://www.drupal.org/user/395439
[12] https://www.drupal.org/user/551886
[13] https://www.drupal.org/user/731068
[14] https://www.drupal.org/user/49851
[15] https://www.drupal.org/user/35733
[16] https://www.drupal.org/user/36762
[17] https://www.drupal.org/user/982724
[18] https://www.drupal.org/user/551886
[19] https://www.drupal.org/user/266527
[20] https://www.drupal.org/user/99340
[21] https://www.drupal.org/user/65776
[22] https://www.drupal.org/contact
[23] https://www.drupal.org/security-team
[24] https://www.drupal.org/writing-secure-code
[25] https://www.drupal.org/security/secure-configuration
[26] https://twitter.com/drupalsecurity


From security at unicamp.br Thu Jun 16 09:04:10 2016
From: security at unicamp.br (CSIRT - UNICAMP)
Date: Thu, 16 Jun 2016 09:04:10 -0300
Subject: [SECURITY-L] CAIS-Alerta: Summary of Microsoft Security Bulletins, June 2016
Message-ID: <20160616120410.GC26946@unicamp.br>

----- Forwarded message from CAIS/RNP Alerta -----

Date: Wed, 15 Jun 2016 18:04:28 -0300 (BRT)
From: CAIS/RNP Alerta
To: rnp-alerta at cais.rnp.br
Subject: CAIS-Alerta: Summary of Microsoft Security Bulletins, June 2016

Dear all,

On 14 June 2016 Microsoft published 16 security bulletins that address a total of 44 vulnerabilities in the company's products.
Exploitation of these vulnerabilities allows remote code execution, elevation of privilege, denial of service and unauthorized information disclosure. At the time this alert was published, no exploit code had been released for the listed vulnerabilities.

Critical severity

* MS16-063 - Cumulative Security Update for Internet Explorer
* MS16-068 - Cumulative Security Update for Microsoft Edge
* MS16-069 - Cumulative Security Update for JScript and VBScript
* MS16-070 - Security Update for Microsoft Office
* MS16-071 - Security Update for Microsoft Windows DNS Server

Important

* MS16-072 - Security Update for Group Policy
* MS16-073 - Security Update for Windows Kernel-Mode Drivers
* MS16-074 - Security Update for Microsoft Graphics Component
* MS16-075 - Security Update for Windows SMB Server
* MS16-076 - Security Update for Netlogon
* MS16-077 - Security Update for WPAD
* MS16-078 - Security Update for Windows Diagnostic Hub
* MS16-079 - Security Update for Microsoft Exchange Server
* MS16-080 - Security Update for Microsoft Windows PDF
* MS16-081 - Security Update for Active Directory
* MS16-082 - Security Update for Microsoft Windows Search Component

Moderate

No bulletins

Low

No bulletins

The vulnerability severity rating system adopted by CAIS is Microsoft's own. CAIS recommends applying the fixes for vulnerabilities rated Critical and Important. For vulnerabilities rated Moderate, CAIS recommends that at least the mitigation recommendations be followed.

* Critical - a vulnerability whose exploitation could allow a worm to propagate without user interaction.
* Important - a vulnerability whose exploitation could compromise the confidentiality, integrity or availability of user data, or the integrity or availability of processing resources.
* Moderate - exploitation is mitigated to a significant degree by factors such as default configuration, auditing or difficulty of exploitation.
* Low - a vulnerability whose exploitation is extremely difficult or whose impact is minimal.

Available fixes

It is recommended to update systems to the versions available at:

Microsoft Update
https://www.update.microsoft.com/microsoftupdate

Microsoft Download Center
http://www.microsoft.com/en-us/download/default.aspx

More information

Microsoft Security Bulletin Summary for June 2016
https://technet.microsoft.com/pt-br/library/security/ms16-jun

Microsoft Security TechCenter
https://technet.microsoft.com/pt-br/security

Microsoft Security Response Center - MSRC
https://technet.microsoft.com/pt-br/security/dn440717

Microsoft Security Research & Defense - MSRD
http://blogs.technet.com/b/srd/

Microsoft Safety & Security Center
https://www.microsoft.com/pt-br/security/default.aspx

CVE identifiers (http://cve.mitre.org):

CVE-2016-0199, CVE-2016-3213, CVE-2016-3205, CVE-2016-3218, CVE-2016-3236,
CVE-2016-0200, CVE-2016-3198, CVE-2016-3206, CVE-2016-3221, CVE-2016-3231,
CVE-2016-3202, CVE-2016-3199, CVE-2016-3207, CVE-2016-3232, CVE-2016-0028,
CVE-2016-3205, CVE-2016-3201, CVE-2016-0025, CVE-2016-3216, CVE-2016-3201,
CVE-2016-3206, CVE-2016-3202, CVE-2016-3233, CVE-2016-3219, CVE-2016-3203,
CVE-2016-3207, CVE-2016-3203, CVE-2016-3234, CVE-2016-3220, CVE-2016-3215,
CVE-2016-3210, CVE-2016-3214, CVE-2016-3235, CVE-2016-3225, CVE-2016-3226,
CVE-2016-3211, CVE-2016-3215, CVE-2016-3227, CVE-2016-3228, CVE-2016-3230,
CVE-2016-3212, CVE-2016-3222, CVE-2016-3223, CVE-2016-3213

CAIS recommends that administrators keep their systems and applications up to date with the latest versions and fixes offered by the vendors.

CAIS alerts are also published on Twitter: follow @caisrnp

Regards,
CAIS/RNP

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br      http://www.rnp.br/servicos/seguranca #
# Tel. 019-37873300       Fax. 019-37873301                    #
# PGP key available at http://www.rnp.br/cais/cais-pgp.key     #
################################################################

----- End forwarded message -----


From security at unicamp.br Wed Jun 22 07:55:52 2016
From: security at unicamp.br (CSIRT Unicamp)
Date: Wed, 22 Jun 2016 07:55:52 -0300
Subject: [SECURITY-L] WordPress 4.5.3 Maintenance and Security Release
Message-ID: <576A6EB8.9030602@unicamp.br>

WordPress 4.5.3 Maintenance and Security Release
Posted June 18, 2016 by Adam Silverstein. Filed under Releases, Security.

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues:

* redirect bypass in the customizer, reported by Yassine Aboukir;
* two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati;
* revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen;
* oEmbed denial of service, reported by Jennifer Dodd from Automattic;
* unauthorized category removal from a post, reported by David Herrera from Alley Interactive;
* password change via stolen cookie, reported by Michael Adams from the WordPress security team;
* some less secure sanitize_file_name edge cases, reported by Peter Westwood of the WordPress security team.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.5.3 fixes 17 bugs from 4.5, 4.5.1 and 4.5.2.
For more information, see the release notes: https://codex.wordpress.org/Version_4.5.3

Download WordPress 4.5.3 or venture over to Dashboard → Updates and simply click "Update Now." Sites that support automatic background updates are already beginning to update to WordPress 4.5.3.

Thanks to everyone who contributed to 4.5.3: Boone Gorges, Silvan Hagen, vortfu, Eric Andrew Lewis, Nikolay Bachiyski, Michael Adams, Jeremy Felt, Dominik Schilling, Weston Ruter, Dion Hulse, Rachel Baker, Alex Concha, Jennifer M. Dodd, Brandon Kraft, Gary Pendergast, Ella Iseulde Van Dorpe, Joe McGill, Pascal Birchler, Sergey Biryukov, David Herrera and Adam Silverstein.

--
Gesiel Galvão Bernardes
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830
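The fixed versions quoted in USN-2991-1 and DSA-3595-1 above (1.10.0-0ubuntu0.16.04.2, 10.0.25-0+deb8u1 and so on) are dpkg version strings, and "installed version older than the fix" has to be decided with dpkg's own ordering, not a string or float comparison: 1.10.0-0ubuntu0.16.04.10 is newer than 1.10.0-0ubuntu0.16.04.2, 1.0~rc1 is older than 1.0, and an epoch overrides everything after the colon. The block below is an added example, not code from Ubuntu, Debian or the CSIRT list: it implements the dpkg comparison algorithm (Debian Policy 5.6.12) and runs a constructed `dpkg-query -W` inventory against the advisory versions. The inventories are made up, and the mariadb binary package names are an assumption, since DSA-3595-1 names only the source package mariadb-10.0.

```python
# Added example (not Ubuntu, Debian or CSIRT code): dpkg version ordering per
# Debian Policy 5.6.12, used to check an inventory against advisory versions.

def _order(c: str) -> int:
    """dpkg's weight for one non-digit character ('' marks end of string)."""
    if c == "~":
        return -1          # '~' sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)      # letters sort before all other characters
    return ord(c) + 256    # '.', '+', '-' and the rest sort after letters

def _char(s: str, i: int) -> str:
    return s[i] if i < len(s) else ""

def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings like dpkg's verrevcmp()."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit run: compare character weights position by position
        while ((_char(a, i) and not _char(a, i).isdigit())
               or (_char(b, j) and not _char(b, j).isdigit())):
            ac, bc = _order(_char(a, i)), _order(_char(b, j))
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # digit run: drop leading zeros; longer run wins, else first differing digit
        while _char(a, i) == "0":
            i += 1
        while _char(b, j) == "0":
            j += 1
        while _char(a, i).isdigit() and _char(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if _char(a, i).isdigit():
            return 1
        if _char(b, j).isdigit():
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0

def _split(version: str):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision ''."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision

def dpkg_compare(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def parse_dpkg_query(text: str) -> dict:
    """Parse `dpkg-query -W -f '${Package} ${Version}\\n'` output into {package: version}."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            pkg, ver = line.split()
            installed[pkg] = ver
    return installed

def vulnerable_packages(installed: dict, fixed: dict) -> list:
    """Packages the advisory names that are installed at a version older than the fix."""
    return [(pkg, installed[pkg], fixed_ver)
            for pkg, fixed_ver in fixed.items()
            if pkg in installed and dpkg_compare(installed[pkg], fixed_ver) < 0]

# Fixed versions copied from USN-2991-1 (Ubuntu 16.04) and DSA-3595-1 (jessie) above.
# The mariadb binary package names are an assumption; DSA-3595-1 names only the
# source package mariadb-10.0.
USN_2991_1_XENIAL = {p: "1.10.0-0ubuntu0.16.04.2"
                     for p in ("nginx-core", "nginx-extras", "nginx-full", "nginx-light")}
DSA_3595_1_JESSIE = {"mariadb-server-10.0": "10.0.25-0+deb8u1",
                     "mariadb-client-10.0": "10.0.25-0+deb8u1"}

# Constructed sample inventories (not real hosts), one package behind on each.
SAMPLE_XENIAL = "nginx-common 1.10.0-0ubuntu0.16.04.1\nnginx-core 1.10.0-0ubuntu0.16.04.1\n" \
                "nginx-full 1.10.0-0ubuntu0.16.04.2\nlibc6 2.23-0ubuntu3\n"
SAMPLE_JESSIE = "mariadb-server-10.0 10.0.23-0+deb8u1\nmariadb-client-10.0 10.0.25-0+deb8u1\n"

if __name__ == "__main__":
    for host, inventory, fixed in (("xenial", SAMPLE_XENIAL, USN_2991_1_XENIAL),
                                   ("jessie", SAMPLE_JESSIE, DSA_3595_1_JESSIE)):
        for pkg, have, want in vulnerable_packages(parse_dpkg_query(inventory), fixed):
            print(f"{host}: {pkg} {have} is older than fixed {want}")
```

On a live host `apt-get update && apt list --upgradable` is the simpler check; the comparison above is for auditing inventories collected from many machines offline, where the advisory's version is the earliest fixed one and anything dpkg orders at or after it counts as patched. Only packages the advisory names are checked, so a source package's other binaries (nginx-common here) are ignored unless you add them.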