From security at unicamp.br Tue Sep 3 13:38:22 2024
From: security at unicamp.br (CSIRT Unicamp)
Date: Tue, 3 Sep 2024 13:38:22 -0300
Subject: [SECURITY-L] [USN-6986-1] OpenSSL vulnerability
Message-ID:

==========================================================================
Ubuntu Security Notice USN-6986-1
September 03, 2024

openssl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenSSL could be made to crash or expose sensitive information if it
received a specially crafted certificate.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled certain X.509
certificates. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libssl3t64                      3.0.13-0ubuntu3.4
  openssl                         3.0.13-0ubuntu3.4

Ubuntu 22.04 LTS
  libssl3                         3.0.2-0ubuntu1.18
  openssl                         3.0.2-0ubuntu1.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6986-1
  CVE-2024-6119

Package Information:
  https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.4
  https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.18

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830
From security at unicamp.br Tue Sep 3 13:40:41 2024
From: security at unicamp.br (CSIRT Unicamp)
Date: Tue, 3 Sep 2024 13:40:41 -0300
Subject: [SECURITY-L] [USN-6981-2] Drupal vulnerabilities
Message-ID:

==========================================================================
Ubuntu Security Notice USN-6981-2
September 03, 2024

drupal7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Drupal could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- drupal7: fully-featured content management framework

Details:

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the
corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that Drupal incorrectly sanitized uploaded filenames.
 A remote attacker could possibly use this issue to execute arbitrary
 code. (CVE-2020-13671)

 It was discovered that Drupal incorrectly sanitized archived filenames.
 A remote attacker could possibly use this issue to overwrite arbitrary
 files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  drupal7                         7.26-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6981-2
  https://ubuntu.com/security/notices/USN-6981-1
  CVE-2020-13671, CVE-2020-28948, CVE-2020-28949
From security at unicamp.br Wed Sep 4 08:38:04 2024
From: security at unicamp.br (CSIRT Unicamp)
Date: Wed, 4 Sep 2024 08:38:04 -0300
Subject: [SECURITY-L] [oss-security] Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05)
Message-ID:

Webmin is a web-based system administration tool for Unix-like servers and
services, with about 1,000,000 yearly installations worldwide.

Webmin/Virtualmin use a UDP service discovery, usually running on port
UDP/10000. This service responds to any UDP request with the IP address and
port on which the control panel is available.

This behavior can be used to mount a Loop DoS attack (CVE-2024-2169 etc.)
by sending UDP packets with a spoofed source ip:port set to another Webmin
instance's IP address, which can lead to an endless traffic exchange between
hosts, denial of service (DoS) and/or abuse of resources.

Fix:
Users are recommended to upgrade to Webmin 2.202 / Virtualmin 7.20.2, which
fix the issue.

Workaround:
Block access to the UDP/10000 service from the Internet.

References:
https://webmin.com/
https://cispa.de/en/loop-dos
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169

Credits:
Alexander Chernenkov, Sergey Gordeychik, CyberOK
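The loop mechanism the advisory above describes, as an added example that is not Webmin, Virtualmin or CyberOK code: two simulated discovery responders on UDP/10000 and a single spoofed datagram. The request/response byte formats, the 198.51.100.x / 203.0.113.x addresses and the two loop-safe rules in `hardened_responder` are assumptions made for the illustration; the page does not say how Webmin 2.202 actually fixed the issue, only that the pre-fix service answered any UDP datagram.

```python
"""Two-host simulation of a UDP discovery-service Loop DoS.
Added example; the wire formats and hardening rules are assumptions."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

DISCOVERY_PORT = 10000  # the UDP port named in the advisory

# Assumed wire formats (not the real Webmin protocol).
REQUEST = b"webmin-discover?"    # what a legitimate client sends
RESPONSE_PREFIX = b"webmin-at "  # what a server answers with


@dataclass(frozen=True)
class Datagram:
    src: Tuple[str, int]  # (ip, port) as seen on the wire; spoofable
    dst: Tuple[str, int]
    payload: bytes


def response_for(host: str, dgram: Datagram) -> Datagram:
    """'Responds with the IP address and port on which the control panel is available.'"""
    body = RESPONSE_PREFIX + f"{host}:{DISCOVERY_PORT}".encode()
    return Datagram(src=(host, DISCOVERY_PORT), dst=dgram.src, payload=body)


def vulnerable_responder(host: str, dgram: Datagram) -> Optional[Datagram]:
    """Pre-fix behaviour as the advisory describes it: answer *any* datagram."""
    return response_for(host, dgram)


def hardened_responder(host: str, dgram: Datagram) -> Optional[Datagram]:
    """Loop-safe rules (assumed here, following the general Loop DoS advice):
    1. answer only a well-formed request, never something that is itself a
       response, so a server's answer can never re-trigger a peer server;
    2. never answer a datagram whose source port is the discovery port, since
       our reply would land on a peer's responder rather than on a client."""
    if dgram.payload != REQUEST:
        return None
    if dgram.src[1] == DISCOVERY_PORT:
        return None
    return response_for(host, dgram)


def simulate(responder: Callable[[str, Datagram], Optional[Datagram]],
             trigger: Datagram, cap: int = 200) -> int:
    """Inject `trigger` into a network of two discovery servers and count the
    datagrams the servers emit until traffic dies out or `cap` is reached.
    Hitting `cap` means the exchange is endless."""
    servers = {"198.51.100.10", "198.51.100.20"}  # constructed addresses
    queue = deque([trigger])
    sent = 0
    while queue and sent < cap:
        d = queue.popleft()
        host, port = d.dst
        if host not in servers or port != DISCOVERY_PORT:
            continue  # no discovery service at that address: dropped
        reply = responder(host, d)
        if reply is not None:
            sent += 1
            queue.append(reply)
    return sent


# The attacker's single datagram: sent to server A with the source forged as
# server B's discovery port.  Payload is arbitrary in the vulnerable case.
SPOOFED_GARBAGE = Datagram(src=("198.51.100.20", DISCOVERY_PORT),
                           dst=("198.51.100.10", DISCOVERY_PORT),
                           payload=b"anything at all")
SPOOFED_REQUEST = Datagram(src=("198.51.100.20", DISCOVERY_PORT),
                           dst=("198.51.100.10", DISCOVERY_PORT),
                           payload=REQUEST)
# A real client discovering server A from an ephemeral port.
LEGIT_REQUEST = Datagram(src=("203.0.113.5", 40000),
                         dst=("198.51.100.10", DISCOVERY_PORT),
                         payload=REQUEST)

if __name__ == "__main__":
    print("vulnerable, spoofed garbage :", simulate(vulnerable_responder, SPOOFED_GARBAGE))
    print("hardened,   spoofed garbage :", simulate(hardened_responder, SPOOFED_GARBAGE))
    print("hardened,   spoofed request :", simulate(hardened_responder, SPOOFED_REQUEST))
    print("hardened,   legitimate client:", simulate(hardened_responder, LEGIT_REQUEST))
```

One spoofed packet is enough: in the vulnerable case every reply is itself a valid trigger for the other host, so the count runs to the cap with no further attacker involvement, which is the same property that makes the "block UDP/10000 from the Internet" workaround effective (the initial spoofed packet never reaches the responder). The hardened rules each break the cycle on their own; rule 1 alone still lets the spoofed request elicit one reply, which the peer then ignores because it is not a request.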
From security at unicamp.br Thu Sep 19 13:36:05 2024
From: security at unicamp.br (CSIRT Unicamp)
Date: Thu, 19 Sep 2024 13:36:05 -0300
Subject: [SECURITY-L] VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Message-ID:

Product/Component: VMware Cloud Foundation (+1 more product)
Notification Id: 24968
Last Updated: 17 September 2024
Initial Publication Date: 17 September 2024
Status: OPEN
Severity: CRITICAL
CVSS Base Score: 7.5-9.8
Workaround: None
Affected CVE: CVE-2024-38812, CVE-2024-38813

Advisory ID: VMSA-2024-0019
Severity: Critical
CVSSv3 Range: 7.5-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
Updated on: 2024-09-17 (Initial Advisory)
CVE(s): CVE-2024-38812, CVE-2024-38813

1. Impacted Products

- VMware vCenter Server
- VMware Cloud Foundation

2. Introduction

A heap-overflow vulnerability and a privilege escalation vulnerability in
vCenter Server were responsibly reported to VMware. Updates are available to
remediate these vulnerabilities in affected VMware products.

3a. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812)

Description: The vCenter Server contains a heap-overflow vulnerability in the
implementation of the DCERPC protocol. VMware has evaluated the severity of
this issue to be in the Critical severity range with a maximum CVSSv3 base
score of 9.8.

Known Attack Vectors: A malicious actor with network access to vCenter Server
may trigger this vulnerability by sending a specially crafted network packet,
potentially leading to remote code execution.

Resolution: To remediate CVE-2024-38812 apply the updates listed in the
'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds: In-product workarounds were investigated, but were determined to
not be viable.

Additional Documentation: A supplemental FAQ was created for additional
clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna

Acknowledgments: VMware would like to thank zbl & srs of team TZL working
with the 2024 Matrix Cup contest for reporting this issue to us.

Notes: None.

3b. VMware vCenter privilege escalation vulnerability (CVE-2024-38813)

Description: The vCenter Server contains a privilege escalation
vulnerability. VMware has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors: A malicious actor with network access to vCenter Server
may trigger this vulnerability to escalate privileges to root by sending a
specially crafted network packet.

Resolution: To remediate CVE-2024-38813 apply the updates listed in the
'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds: None.

Additional Documentation: A supplemental FAQ was created for additional
clarification. Please see: https://bit.ly/vcf-vmsa-2024-0019-qna

Acknowledgments: VMware would like to thank zbl & srs of team TZL working
with the 2024 Matrix Cup contest for reporting this issue to us.

Notes: None.

Response Matrix: 3a & 3b

VMware Product           Version  Running On  CVE                             CVSSv3    Severity  Fixed Version           Workarounds  Additional Documentation
-----------------------  -------  ----------  ------------------------------  --------  --------  ----------------------  -----------  ----------------------------
vCenter Server           8.0      Any         CVE-2024-38812, CVE-2024-38813  9.8, 7.5  Critical  8.0 U3b                 None         FAQ
vCenter Server           7.0      Any         CVE-2024-38812, CVE-2024-38813  9.8, 7.5  Critical  7.0 U3s                 None         FAQ
VMware Cloud Foundation  5.x      Any         CVE-2024-38812, CVE-2024-38813  9.8, 7.5  Critical  Async patch to 8.0 U3b  None         Async Patching Guide: KB88287
VMware Cloud Foundation  4.x      Any         CVE-2024-38812, CVE-2024-38813  9.8, 7.5  Critical  Async patch to 7.0 U3s  None         Async Patching Guide: KB88287

4. References

Fixed Version(s) and Release Notes:

VMware vCenter Server 8.0 U3b
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5515
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-vcenter-server-80u3b-release-notes/index.html

VMware vCenter Server 7.0 U3s
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5513
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3s-release-notes/index.html

KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813

FIRST CVSSv3 Calculator:
CVE-2024-38812: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-38813: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2024-09-17 VMSA-2024-0019
Initial security advisory.

6. Contact

E-mail: vmware.psirt at broadcom.com
PGP key: https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.
From security at unicamp.br Thu Sep 19 16:47:29 2024
From: security at unicamp.br (CSIRT Unicamp)
Date: Thu, 19 Sep 2024 16:47:29 -0300
Subject: [SECURITY-L] [RNP/CAIS Alert #0159] Vulnerability in GitLab Community and Enterprise Edition
Message-ID:

CAIS Alert [2024-09-19]
Vulnerability in GitLab Community and Enterprise Edition

Dear all,

CAIS alerts the cybersecurity community to a set of critical vulnerabilities
recently disclosed by GitLab that affect its GitLab Community (CE) and
Enterprise Edition (EE) products. In this alert we highlight CVE-2024-45409,
which received a CVSS score of 10.0. We strongly recommend that
administrators of affected environments read the vendor's full bulletins
listed under "More information".

1) Affected products and versions;
2) CVE identifiers (http://cve.mitre.org);
3) Description of the vulnerabilities;
4) Mitigation and available fixes; and
5) More information.

1) Affected products and versions:

GitLab CE/EE, versions prior to 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10

2) CVE identifiers (http://cve.mitre.org):

CVE-2024-45409

3) Description of the vulnerabilities:

This vulnerability was identified in the ruby-saml library and results from
a failure to correctly verify the signature of the SAML response. An
unauthenticated malicious actor with access to any SAML document signed by
the IdP can forge a SAML Response/Assertion with arbitrary content. This
allows the attacker to access the system as an arbitrary user.

SAML (Security Assertion Markup Language) is a protocol that enables single
sign-on (SSO) and the exchange of authentication and authorization data
between different applications and websites.

4) Mitigation and available fixes:

GitLab has released updated packages in versions 17.3.3, 17.2.7, 17.1.8,
17.0.8 and 16.11.10 to fix the vulnerability, and strongly recommends that
administrators of all GitLab CE/EE versions update their environments to
mitigate the issue.

5) More information:

https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/

CAIS recommends that administrators keep their systems and applications up
to date with the latest versions and fixes offered by vendors.

CAIS alerts can also be followed on RNP's social networks. Follow us!
Twitter: @caisRNP
Facebook: facebook.com/RedeNacionaldeEnsinoePesquisaRNP

################################################################
#   SECURITY INCIDENT RESPONSE CENTER (CAIS)                   #
#   Rede Nacional de Ensino e Pesquisa (RNP)                   #
#                                                              #
#   cais at cais.rnp.br   https://www.rnp.br/sistema-rnp/cais  #
#   Tel. 019-37873300   Fax. 019-37873301                      #
#   PGP key available at https://www.rnp.br/cais/cais-pgp.key  #
################################################################
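The alert above states only that ruby-saml "fails to correctly verify the signature of the SAML response" and that any IdP-signed document lets an attacker forge an assertion; it gives no root cause. The following added example, which is not ruby-saml or GitLab code, shows the general failure class that description fits and the check a verifier needs: the element whose digest the signature covers must be the very element the application consumes. Everything else here is an assumption made for illustration: a namespace-free toy SAML layout, a whitespace-stripping stand-in for C14N, and an HMAC with a shared key standing in for the IdP's RSA signature (the trust argument is the same).

```python
"""Toy model of signature-wrapping against a SAML verifier.
Added example; no namespaces, toy canonicalisation, HMAC instead of RSA."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

IDP_KEY = b"constructed-idp-signing-key"  # stand-in for the IdP's private key


def canon(elem: ET.Element) -> bytes:
    """Serialise with inter-element whitespace and the tail removed, so that
    moving the element elsewhere in the tree does not change its digest."""
    e = copy.deepcopy(elem)
    e.tail = None
    for node in e.iter():
        if node.text is not None and not node.text.strip():
            node.text = None
        if node.tail is not None and not node.tail.strip():
            node.tail = None
    return ET.tostring(e, encoding="utf-8")


def digest(elem: ET.Element) -> str:
    return hashlib.sha256(canon(elem)).hexdigest()


def sign(data: bytes) -> str:
    return hmac.new(IDP_KEY, data, hashlib.sha256).hexdigest()


def idp_issue(subject: str, assertion_id: str = "_a1") -> str:
    """IdP signs one Assertion: Reference/@URI names it by ID, DigestValue
    covers the Assertion, SignatureValue covers SignedInfo."""
    resp = ET.Element("Response")
    assertion = ET.SubElement(resp, "Assertion", ID=assertion_id)
    ET.SubElement(assertion, "Subject").text = subject
    sig = ET.SubElement(resp, "Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    ref = ET.SubElement(signed_info, "Reference", URI="#" + assertion_id)
    ET.SubElement(ref, "DigestValue").text = digest(assertion)
    ET.SubElement(sig, "SignatureValue").text = sign(canon(signed_info))
    return ET.tostring(resp, encoding="unicode")


def verify_signature(root: ET.Element) -> ET.Element:
    """Check SignatureValue over SignedInfo, then the digest of the element
    the Reference points at. Returns the element the signature covers."""
    sig = root.find("Signature")
    signed_info = sig.find("SignedInfo") if sig is not None else None
    if signed_info is None:
        raise ValueError("no Signature/SignedInfo")
    if not hmac.compare_digest(sig.findtext("SignatureValue", ""), sign(canon(signed_info))):
        raise ValueError("bad SignatureValue")
    ref = signed_info.find("Reference")
    target_id = ref.get("URI", "")[1:]
    target = next((e for e in root.iter() if e.get("ID") == target_id), None)
    if target is None or not hmac.compare_digest(ref.findtext("DigestValue", ""), digest(target)):
        raise ValueError("bad DigestValue")
    return target


def vulnerable_login(xml_text: str) -> str:
    """Verifies *a* signed element, then reads the Subject from the first
    Assertion in document order. Verified and consumed elements can differ."""
    root = ET.fromstring(xml_text)
    verify_signature(root)
    return root.find(".//Assertion/Subject").text


def hardened_login(xml_text: str) -> str:
    """Consumes only the element the signature covers, and refuses documents
    carrying more than one Assertion (defence in depth)."""
    root = ET.fromstring(xml_text)
    verified = verify_signature(root)
    if verified.tag != "Assertion":
        raise ValueError("signature does not cover an Assertion")
    if len(root.findall(".//Assertion")) != 1:
        raise ValueError("unexpected extra Assertion elements")
    return verified.find("Subject").text


def forge(signed_xml: str, victim: str) -> str:
    """Attacker holding any IdP-signed document: keep the signed Assertion
    byte-for-byte (its digest still matches), tuck it into a wrapper, and put
    an unsigned Assertion for `victim` first."""
    root = ET.fromstring(signed_xml)
    original = root.find("Assertion")
    root.remove(original)
    forged = ET.Element("Assertion", ID="_forged")
    ET.SubElement(forged, "Subject").text = victim
    root.insert(0, forged)
    ET.SubElement(root, "Extensions").append(original)
    return ET.tostring(root, encoding="unicode")


def hardened_rejects(xml_text: str) -> bool:
    try:
        hardened_login(xml_text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    legit = idp_issue("alice")
    forged = forge(legit, "admin")
    print("vulnerable, legit :", vulnerable_login(legit))    # alice
    print("vulnerable, forged:", vulnerable_login(forged))   # admin
    print("hardened,   legit :", hardened_login(legit))      # alice
    print("hardened,   forged:", hardened_rejects(forged))   # True
```

The forged document passes every cryptographic check in `verify_signature`, because the signature and digest are still computed over the unmodified original assertion; what the vulnerable path gets wrong is using a second lookup (`.//Assertion`) to pick the data it acts on. Editing the Subject of the signed assertion, by contrast, is caught by both versions through the digest mismatch.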