From security em unicamp.br Mon Apr 1 15:30:35 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Mon, 1 Apr 2024 15:30:35 -0300
Subject: [SECURITY-L] [RNP/CAIS Alert #0140] Vulnerabilities in the xz-utils packages (LINUX)

CAIS Alert [01-04-2024]: Vulnerabilities in the xz-utils packages (LINUX)

Dear all,

CAIS alerts the cyber-security community to a vulnerability found in the packages of the XZ compression utility, currently used by several Linux distributions (CVE-2024-3094). The XZ-format compression utilities, included in most Linux distributions, may "allow a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely", warns Red Hat.

1) Affected products;
2) CVE identifiers (http://cve.mitre.org);
3) Description of the vulnerabilities;
4) Mitigation and available fixes; and
5) More information.

1) Affected products:

- Fedora 41;
- Fedora Rawhide;
- openSUSE Factory;
- openSUSE Tumbleweed;
- Debian distributions in the testing, unstable and experimental versions; and
- Any distro running versions 5.6.0 and 5.6.1 of the xz-utils package.

2) CVE identifiers (http://cve.mitre.org):

- https://nvd.nist.gov/vuln/detail/CVE-2024-3094 (CVSS 10.0)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094

3) Description of the vulnerability(ies):

- Malicious code was discovered in the upstream tarballs of the xz utility, starting with version 5.6.0. Through a series of complex obfuscations, the build process of the "liblzma" library extracts a pre-built object file from a disguised test file present in the source code, which is then used to modify specific functions in the "liblzma" code.
This results in a modified "liblzma" library that can be used by any software linked against it, intercepting and modifying the data exchanged with the library.

4) Mitigation and available fixes:

- Update the packages to non-vulnerable versions or apply the fixes made available by the vendors.
- Regardless of the list of affected operating systems, it is recommended to search for the packages mentioned above in your computing environments and to apply the mitigation measures if versions affected by this vulnerability are identified.

5) More information:

- https://access.redhat.com/security/cve/CVE-2024-3094
- https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
- https://aws.amazon.com/security/security-bulletins/AWS-2024-002/
- https://boehs.org/node/everything-i-know-about-the-xz-backdoor
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
- https://bugs.gentoo.org/928134
- https://bugzilla.redhat.com/show_bug.cgi?id=2272210
- https://bugzilla.suse.com/show_bug.cgi?id=1222124
- https://lists.debian.org/debian-security-announce/2024/msg00057.html
- https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html
- https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/
- https://security-tracker.debian.org/tracker/CVE-2024-3094
- https://security.alpinelinux.org/vuln/CVE-2024-3094
- https://security.archlinux.org/CVE-2024-3094
- https://tukaani.org/xz-backdoor/
- https://ubuntu.com/security/CVE-2024-3094
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
- https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils

CAIS recommends that administrators always keep their systems and applications up to date, following the latest versions and fixes offered by the vendors.

CAIS alerts can also be followed on RNP's social networks. Follow us!!
Twitter: @caisRNP
Facebook: facebook.com/RedeNacionaldeEnsinoePesquisaRNP.

Best regards,

################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)
# Rede Nacional de Ensino e Pesquisa (RNP)
#
# cais em cais.rnp.br  https://www.rnp.br/sistema-rnp/cais
# Tel. 019-37873300  Fax. 019-37873301
# PGP key available at https://www.rnp.br/cais/cais-pgp.key
################################################################

_______________________________________________
RNP-Alerta
rnp-alerta em listas.rnp.br
https://listas.rnp.br/mailman/listinfo/rnp-alerta

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
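The alert's mitigation step asks administrators to search their environments for the affected xz-utils releases. As an added example (not part of the CAIS alert or of the xz project), the POSIX shell check below flags the two versions the alert names and reports whether sshd dynamically links liblzma; it assumes `xz --version` prints "xz (XZ Utils) X.Y.Z" followed by "liblzma X.Y.Z", and that `ldd` is available, and it ships with a constructed sample so the parsing can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the CAIS alert or the xz project: flag the
# xz-utils releases the alert names (5.6.0 and 5.6.1, CVE-2024-3094).
# Assumes xz --version prints "xz (XZ Utils) X.Y.Z" then "liblzma X.Y.Z".

# Exit status 0 when the version string is one of the affected releases.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the version tokens in captured xz --version text, one per line
# (front-end first, then liblzma); takes the text as an argument so it
# can run offline against a constructed sample.
xz_versions_from_output() {
    printf '%s\n' "$1" | sed -n -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' \
        -e 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# Report each component as "VERSION affected" or "VERSION ok"; exit
# status 1 if any component is affected, 0 otherwise.
classify_xz_output() {
    status=0
    for v in $(xz_versions_from_output "$1"); do
        if xz_version_is_affected "$v"; then
            echo "$v affected"; status=1
        else
            echo "$v ok"
        fi
    done
    return $status
}

# Live check of this host; also reports whether sshd dynamically links
# liblzma, the path through which the alert says sshd authentication is hit.
check_host() {
    command -v xz >/dev/null 2>&1 || { echo "xz not installed"; return 0; }
    classify_xz_output "$(xz --version 2>/dev/null)"; rc=$?
    sshd=$(command -v sshd 2>/dev/null || true)
    if [ -n "$sshd" ] && ldd "$sshd" 2>/dev/null | grep -q liblzma; then
        echo "sshd links liblzma: $(ldd "$sshd" | grep liblzma)"
    fi
    return $rc
}

# Constructed sample of a vulnerable host's output (not real output).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
```

Run `check_host` on a live system; a non-zero exit status means one of the named releases is installed and the package should be downgraded or updated per the vendor fix.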
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830

From security em unicamp.br Thu Apr 4 11:17:43 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Thu, 4 Apr 2024 11:17:43 -0300
Subject: [SECURITY-L] CVEs for Apache about resource exhaustion in the HTTP protocol

[oss-security] CVE-2023-38709: Apache HTTP Server: HTTP response splitting
Eric Covener covener em apache.org via lists.openwall.com to oss-security

Affected versions:
- Apache HTTP Server through 2.4.58

Description:
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Credit:
Orange Tsai (@orange_8361) from DEVCORE (finder)

References:
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-38709

[oss-security] CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Eric Covener covener em apache.org via lists.openwall.com to oss-security

Severity: moderate

Affected versions:
- Apache HTTP Server 2.4.17 through 2.4.58

Description:
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Credit:
Bartek Nowotarski (https://nowotarski.info/) (finder)

References:
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27316

[oss-security] CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules
Eric Covener covener em apache.org via lists.openwall.com to oss-security

Severity: low

Affected versions:
- Apache HTTP Server 2.4.0 through 2.4.58

Description:
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Credit:
Keran Mu, Tsinghua University and Zhongguancun Laboratory. (finder)
Jianjun Chen, Tsinghua University and Zhongguancun Laboratory. (finder)

References:
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-24795

From security em unicamp.br Tue Apr 9 16:54:41 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Tue, 9 Apr 2024 16:54:41 -0300
Subject: [SECURITY-L] Fwd: Fortinet Releases Security Updates for Multiple Products
In-Reply-To: <16869006.166555@messages.cisa.gov>
References: <16869006.166555@messages.cisa.gov>

---------- Forwarded message ---------
From: CISA
Date: Tue, 9 Apr 2024 at 16:07
Subject: Fortinet Releases Security Updates for Multiple Products

Fortinet Releases Security Updates for Multiple Products
04/09/2024 08:00 AM EDT

Fortinet released security updates to address vulnerabilities in multiple products, including FortiOS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

- FR-IR-23-345 FortiClientMac - Lack of configuration file validation
- FG-IR-23-493 FortiOS & FortiProxy - Administrator cookie leakage
- FG-IR-23-087 FortiClient Linux - Remote Code Execution due to dangerous nodejs configuration

From security em unicamp.br Fri Apr 12 15:08:34 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Fri, 12 Apr 2024 15:08:34 -0300
Subject: [SECURITY-L] Wordfence CLI

Hi everyone, here is a CLI tool from Wordfence that analyzes WordPress from the inside looking for vulnerabilities.
https://github.com/wordfence/wordfence-cli/blob/main/docs/vuln-scan/Examples.md

Regards.

From security em unicamp.br Wed Apr 24 14:23:32 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Wed, 24 Apr 2024 14:23:32 -0300
Subject: [SECURITY-L] [Security-news] Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017

View online: https://www.drupal.org/sa-contrib-2024-017

Project: Advanced PWA [1]
Date: 2024-April-24
Security risk: *Critical* 16/25 AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Affected versions: <1.5.0

Description:
Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications.

This module doesn't sufficiently protect access to the settings form, allowing an unauthorized malicious user to view and modify the module settings.
Solution:
Install the latest version:
* If you use the Advanced Progressive Web App module for Drupal 8.x, upgrade to Advanced Progressive Web App 8.x-1.5 [3]

Reported By:
* Matthew Grasmick [4]

Fixed By:
* gMaximus [5]

Coordinated By:
* Greg Knaddison [6] of the Drupal Security Team
* Michael Hess [7] of the Drupal Security Team
* cilefen [8] of the Drupal Security Team
* Cathy Theys [9] of the Drupal Security Team

[1] https://www.drupal.org/project/advanced_pwa
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/advanced_pwa/releases/8.x-1.5
[4] https://www.drupal.org/user/455714
[5] https://www.drupal.org/user/1612496
[6] https://www.drupal.org/user/36762
[7] https://www.drupal.org/user/102818
[8] https://www.drupal.org/user/1850070
[9] https://www.drupal.org/user/258568

_______________________________________________
Security-news mailing list
Security-news em drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

From security em unicamp.br Wed Apr 24 14:24:43 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Wed, 24 Apr 2024 14:24:43 -0300
Subject: [SECURITY-L] [Security-news] REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018

View online: https://www.drupal.org/sa-contrib-2024-018

Project: REST Views [1]
Date: 2024-April-24
Security risk: *Moderately critical* 14/25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default [2]
Vulnerability: Information Disclosure
Affected versions: <3.0.1

Description:
The Rest views module lets site admins create rest exports in views with additional options for serializing data.
This module does not accurately check access and may expose paths to unpublished content.

This vulnerability is mitigated by the fact that there must be a specific content structure to expose. Paths to unpublished entities (such as nodes) will be exposed if those entities are referenced from other entities listed in a REST display, and the reference field on those listed entities is displayed with the "Entity path" formatter.

Solution:
Install the latest version:
* REST Views 8.x-1.x versions are unsupported.
* REST Views 2.x versions upgrade to Rest Views 3.0.1 [3]
* REST Views 3.x versions prior to 3.0.1 upgrade to Rest Views 3.0.1 [4]

Reported By:
* nicxvan [5]

Fixed By:
* nicxvan [6]

Coordinated By:
* Benji Fisher [7] of the Drupal Security Team
* Greg Knaddison [8] of the Drupal Security Team
* Cathy Theys [9] of the Drupal Security Team

[1] https://www.drupal.org/project/rest_views
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/rest_views/releases/3.0.1
[4] https://www.drupal.org/project/rest_views/releases/3.0.1
[5] https://www.drupal.org/user/531480
[6] https://www.drupal.org/user/531480
[7] https://www.drupal.org/user/683300
[8] https://www.drupal.org/user/36762
[9] https://www.drupal.org/user/258568