From security at unicamp.br Mon Mar 6 17:51:26 2023
From: security at unicamp.br (CSIRT Unicamp)
Date: Mon, 6 Mar 2023 17:51:26 -0300
Subject: [SECURITY-L] Fwd: [RNP/CAIS Alert #0097] Vulnerabilities in Microsoft Exchange Server
In-Reply-To: <1051485109.1634523.1678135156809.JavaMail.zimbra@rnp.br>
References: <1051485109.1634523.1678135156809.JavaMail.zimbra@rnp.br>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CAIS-Alert [06/03/2023]: Vulnerabilities in Microsoft Exchange Server

Dear all,

CAIS warns of recently disclosed vulnerabilities in Microsoft Exchange Server that can be exploited for remote code execution. All of the vulnerabilities were rated High severity by the vendor. As of the latest revision of this alert, no code capable of exploiting these vulnerabilities had been identified.

Description

The remote code execution vulnerabilities in Microsoft Exchange Server allow an attacker who holds the credentials of a low-privileged user to execute malicious code in the context of the server account by sending requests over the network.

Affected systems

Microsoft Exchange Server

Affected versions

Microsoft Exchange Server 2013 Cumulative Update 23 SU19 or earlier
Microsoft Exchange Server 2016 Cumulative Update 23 SU5 or earlier
Microsoft Exchange Server 2019 Cumulative Update 11 SU9 or earlier
Microsoft Exchange Server 2019 Cumulative Update 12 SU5 or earlier

Available fixes

Update Microsoft Exchange Server 2013 to Cumulative Update 23 SU20
Update Microsoft Exchange Server 2016 to Cumulative Update 23 SU6
Update Microsoft Exchange Server 2019 to Cumulative Update 11 SU10
Update Microsoft Exchange Server 2019 to Cumulative Update 12 SU6

CVE identifiers (http://cve.mitre.org)

CVE-2023-21529
CVE-2023-21706
CVE-2023-21707
CVE-2023-21710

More information

https://support.microsoft.com/pt-br/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-february-14-2023-kb5023038-2e60d338-dda3-46ed-aed1-4a8bbee87d23
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710

CAIS recommends that administrators keep their systems and applications up to date with the latest versions and fixes offered by vendors.

CAIS alerts can also be followed on RNP's social networks. Follow us!!
Twitter: @RedeRNP
Facebook: facebook.com/RedeNacionaldeEnsinoePesquisaRNP.

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)       #
# Rede Nacional de Ensino e Pesquisa (RNP)                     #
#                                                              #
# cais at cais.rnp.br            https://cais.rnp.br/          #
# Tel. 019-37873300              Fax. 019-37873301             #
# PGP key available at https://www.rnp.br/cais/cais-pgp.key    #
################################################################

-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v2.6.2
Comment: https://openpgpjs.org

wsFcBAEBCAAQBQJkBk9iCRDU96v9U5pXgAAAxKEP/3VAaALMMOG+kKtG0q3m
HHprmKONtFnsU/01tcG1he3zvRDQ+Xq1OHfOxxoMveraJpH3SmhoGS4vYw8M
p0hN7VtEBnMFD55+zk4eg5F7VoCu7vpJ1vWIR8rtDOGmbmXF7mIf0VToP1Cf
Nph9kWPeU9BXIUHATbYJTmYaasQYCsaaRdpzaM0Zc8Y9YZDkLC/UFKYRcoT4
+mHyzm0Zt0Ciz/t/z7c1iCd07z2xeumRQZ+VoeoWf3Z5APEPEquEwa7+H+m2
BY0LtO6ph2eOel98kkQJb3zNePHWh1uLp/scGAaGhoqdtVkkFilDZg8xoXbi
ENMx/kzd8x3TdM9jToPQEs+K9GAV1atXAbA8Smpslqs4AgLxToFXwuDEzHLB
r/74cQoYf8GmGZMm2+EQ0hKXZ83eDN3JrX8O3IW1LUl8QwtxwsMBPqvJ9LF5
Mu4LiaPeDKK+B0oje6wztEygdiE8KfB9CoKuY8Mn3oTFCn8mZkuY5m4uzT8l
1VWbez7lANXpzbiqQSp0QOO1YUfmL/Ap/NbdyXmVEhaEL3BPzFccrYHcPF1O
if5MopWZu3wSPHYqScbeSRVIYfR2vKc6EcQt+T+TS1NMW0uQPOXjuXDGsTJE
h5Hfkfd3su5LhO5ciwWYQ+uWvVfxDs8MKiiEXGU7qPTW2EhHoN/s0z+Hw+aO
6ehX
=ugLN
-----END PGP SIGNATURE-----

_______________________________________________
RNP-Alerta
rnp-alerta at listas.rnp.br
https://listas.rnp.br/mailman/listinfo/rnp-alerta

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830
From security at unicamp.br Fri Mar 10 16:26:52 2023
From: security at unicamp.br (CSIRT Unicamp)
Date: Fri, 10 Mar 2023 16:26:52 -0300
Subject: [SECURITY-L] [RNP/CAIS Alert #0098] Microsoft Word remote code execution vulnerability via RTF files
In-Reply-To: <432950153.1733468.1678475045658.JavaMail.zimbra@rnp.br>
References: <432950153.1733468.1678475045658.JavaMail.zimbra@rnp.br>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CAIS-Alert [10/03/2023]: Microsoft Word remote code execution vulnerability via RTF files

Dear all,

CAIS warns of a critical vulnerability in Microsoft Word that allows a malicious user to execute arbitrary commands remotely. As of the latest revision of this alert, code capable of exploiting this vulnerability has been identified.

Description

CVE-2023-21716: This vulnerability allows an attacker to execute arbitrary commands remotely, with the victim's privileges, by means of malicious RTF files. The attacker can send a malicious e-mail containing an RTF payload that grants the ability to execute commands in the vulnerable application. Merely loading the malicious RTF document in the preview pane is enough for exploitation.

Affected products

This vulnerability affects a wide range of versions of Microsoft Office, SharePoint, Microsoft 365, etc. Examples:

Microsoft Office Web Apps Server 2013
Microsoft Office 2019
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Microsoft Office LTSC 2021
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise
Microsoft Word 2013 Service q
Microsoft Word 2016
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation and Enterprise Server 2013
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019

Available fixes

Apply the fix made available by the product vendor (Microsoft):
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

CVE identifiers (http://cve.mitre.org)

CVE-2023-21716

More information

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
- https://support.microsoft.com/en-us/office/change-the-message-format-to-html-rich-text-format-or-plain-text-338a389d-11da-47fe-b693-cf41f792fefa?ui=en-us&rs=en-us&ad=u

-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v2.6.2
Comment: https://openpgpjs.org

wsFcBAEBCAAQBQJkC36YCRDU96v9U5pXgAAAR0kQAJYEnb9+snX6xgT8lv8t
GoM67q0Au/WsHyZa3nB5MLgDQvKOQ1sShRj+SGfoL79PjLy1WIQU+Sectrnr
5saIhuBwBP/B9nzqvuRmt/yW2LVq9QDn9dHRV4rKUygzf5KrG5ljY8LlZW8a
dkGvCk+2qt1hLJrzvpjdkl6fu0NKlq2M2/BoqCLCqmfg3okrX3JpSknMoHBX
y8mNuLcRIjYOT7Yj9CTLiavlnMyKibe8+2/8ZsD1RZ3iMaF7ybfmtxev7JKH
0Q/vhExz6iooRs/G74A1gylu/mkiB1EKvruMosCWNt84ZGR24N3j9WICYfL9
EmcXuax7KYnvbcdtUgFxz2UZ8cyw8OHVupPePxb4cc2HiGDsMZNY+tHG3DuF
v1upGSKKMEiE92l/3i9h51V6y2VpAKe9ort7Z2Yoy1PoPsbRznhMTnOMz01B
83LmsU7Y9xOQZ/oQLknIOJzYAo5qzZXHJ5vrZXE/trJNvGVhxMvIN0LMTJuS
M0rFKGrNp9doOpR7UE2xjQBvFVAK8jkzbqZgXzCZvixZQC2+DZlmaeUa6ZF/
m/BgR+wqxo83oRlp7p6j2IL5k6uyyERWg4Q9DRQIYPK4dh6KoCrn0/0Fr+sQ
jDBGCtELJOLin/J9Eo7wmFUPGb3g22FOI0mLr5d3jp5l1MJp/upY3txsJwmA
yuSQ
=z0BK
-----END PGP SIGNATURE-----
From security at unicamp.br Wed Mar 15 15:10:34 2023
From: security at unicamp.br (CSIRT Unicamp)
Date: Wed, 15 Mar 2023 15:10:34 -0300
Subject: [SECURITY-L] [Security-news] Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002
Message-ID:

View online: https://www.drupal.org/sa-core-2023-002

Project: Drupal core [1]
Date: 2023-March-15
Security risk: *Moderately critical* 14/25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default [2]
Vulnerability: Information Disclosure
Affected versions: >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5

Description:
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files.

This release was coordinated with SA-CONTRIB-2023-010 [3].

This advisory is not covered by Drupal Steward [4].

Solution:
Install the latest version:

* If you are using Drupal 10.0, update to Drupal 10.0.5 [5].
* If you are using Drupal 9.5, update to Drupal 9.5.5 [6].
* If you are using Drupal 9.4, update to Drupal 9.4.12 [7].

All versions of Drupal 9 prior to 9.4.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life [8]. Drupal 7 core does not include the Media Library module and therefore is not affected.

Reported By:
* James Williams [9]
* Dan Flanagan [10]

Fixed By:
* Lee Rowlands [11] of the Drupal Security Team
* James Williams [12]
* Jess [13] of the Drupal Security Team
* Dave Long [14] of the Drupal Security Team
* Dan Flanagan [15]
* Jen Lampton [16] Provisional Member of the Drupal Security Team
* Joseph Zhao [17] Provisional Member of the Drupal Security Team
* Benji Fisher [18] of the Drupal Security Team

[1] https://www.drupal.org/project/drupal
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/sa-contrib-2023-010
[4] https://www.drupal.org/steward
[5] https://www.drupal.org/project/drupal/releases/10.0.5
[6] https://www.drupal.org/project/drupal/releases/9.5.5
[7] https://www.drupal.org/project/drupal/releases/9.4.12
[8] https://www.drupal.org/psa-2021-06-29
[9] https://www.drupal.org/user/592268
[10] https://www.drupal.org/user/3615359
[11] https://www.drupal.org/user/395439
[12] https://www.drupal.org/user/592268
[13] https://www.drupal.org/user/65776
[14] https://www.drupal.org/user/246492
[15] https://www.drupal.org/user/3615359
[16] https://www.drupal.org/user/85586
[17] https://www.drupal.org/user/1987218
[18] https://www.drupal.org/user/683300

_______________________________________________
Security-news mailing list
Security-news at drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
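The "Affected versions" line above uses Drupal's range syntax: alternatives separated by "||", each a conjunction of comparator clauses. The following Python is an added example, not part of the advisory or of Drupal's own tooling: it parses that expression, tells a site owner whether an installed core version falls inside it, and derives the first fixed release of the matching branch from the "<" bound. The expression string is copied from SA-CORE-2023-002; the version strings fed to it are constructed test inputs.

```python
import re
from typing import List, Optional, Tuple

# Affected-version expression as published in SA-CORE-2023-002 (copied from the advisory).
SA_CORE_2023_002 = ">=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5"

Version = Tuple[int, ...]
Clause = Tuple[str, Version]  # (comparison operator, version bound)
_TOKEN = re.compile(r"^(>=|<=|>|<|=)?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> Version:
    """'9.4.12' -> (9, 4, 12). Only dotted integers are accepted; anything else
    (e.g. a pre-release tag) raises, so unparsable input is never silently
    reported as 'not affected'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare(a: Version, b: Version) -> int:
    """Three-way comparison; shorter tuples are zero-padded so 9.4 == 9.4.0."""
    width = max(len(a), len(b))
    a_pad = a + (0,) * (width - len(a))
    b_pad = b + (0,) * (width - len(b))
    return (a_pad > b_pad) - (a_pad < b_pad)


def parse_range(expr: str) -> List[List[Clause]]:
    """Parse '>=8.0.0 <9.4.12 || >=9.5.0 <9.5.5' into a list of alternatives;
    each alternative is a list of clauses that must all hold."""
    alternatives: List[List[Clause]] = []
    for alt in expr.split("||"):
        clauses: List[Clause] = []
        for token in alt.split():
            m = _TOKEN.match(token)
            if not m:
                raise ValueError(f"bad clause {token!r} in {expr!r}")
            clauses.append((m.group(1) or "=", parse_version(m.group(2))))
        if not clauses:
            raise ValueError(f"empty alternative in {expr!r}")
        alternatives.append(clauses)
    return alternatives


def _holds(op: str, c: int) -> bool:
    return {">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c == 0}[op]


def matching_alternative(version: str, expr: str) -> Optional[List[Clause]]:
    """Return the first alternative satisfied by the installed version, or None."""
    v = parse_version(version)
    for clauses in parse_range(expr):
        if all(_holds(op, compare(v, bound)) for op, bound in clauses):
            return clauses
    return None


def is_affected(version: str, expr: str = SA_CORE_2023_002) -> bool:
    return matching_alternative(version, expr) is not None


def first_fixed_version(version: str, expr: str = SA_CORE_2023_002) -> Optional[str]:
    """For an affected version, the strict upper bound ('<') of the matching
    alternative is the first release of that branch carrying the fix."""
    clauses = matching_alternative(version, expr)
    if clauses is None:
        return None
    uppers = [bound for op, bound in clauses if op == "<"]
    if not uppers:
        return None
    return ".".join(str(p) for p in min(uppers))


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real site.
    for v in ("8.9.20", "9.4.11", "9.4.12", "9.5.4", "10.0.4", "10.0.5", "10.1.0", "7.98"):
        print(f"{v:>8}: affected={is_affected(v)!s:5} first_fixed={first_fixed_version(v)}")
```

Note that the expression alone does not encode support status: an 8.x install matches the first alternative and is pointed at 9.4.12, which is consistent with the advisory's statement that Drupal 8 is end-of-life and must move to a supported branch rather than receive its own fix. Treat a parse error as "unknown, investigate", never as "not affected".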
From security at unicamp.br Wed Mar 29 16:13:45 2023
From: security at unicamp.br (CSIRT Unicamp)
Date: Wed, 29 Mar 2023 16:13:45 -0300
Subject: [SECURITY-L] [Security-news] Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012
In-Reply-To:
References:
Message-ID:

View online: https://www.drupal.org/sa-contrib-2023-012

Project: Xray Audit [1]
Date: 2023-March-29
Security risk: *Moderately critical* 13/25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross site scripting

Description:
This module is a tool for developers, analysts, and administrators that allows them to generate reports on a given Drupal installation.

The module does not sufficiently sanitize some data presented in its reports.

This vulnerability is mitigated by the fact that an attacker must have a role with permissions to administer an impacted content type.

Solution:
Install the latest version:

* If you use the Xray Audit module for Drupal 9.x / 10.x, upgrade to Xray Audit v.1.1.1 [3]

Reported By:
* Conrad Lara [4]

Fixed By:
* Luis Peidró [5]

Coordinated By:
* Damien McKenna [6] of the Drupal Security Team
* Greg Knaddison [7] of the Drupal Security Team
* Chris McCafferty [8] of the Drupal Security Team

[1] https://www.drupal.org/project/xray_audit
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/xray_audit/releases/1.1.1
[4] https://www.drupal.org/user/1790054
[5] https://www.drupal.org/user/3372326
[6] https://www.drupal.org/user/108450
[7] https://www.drupal.org/user/36762
[8] https://www.drupal.org/user/1850070