DISI 2015

Celebrating its 10th edition, the Dia Internacional de Segurança em Informática (DISI) is promoted by the Rede Nacional de Ensino e Pesquisa (RNP), through its Centro de Atendimento a Incidentes de Segurança (CAIS). Held since 2005, DISI is an annual event aimed at Internet end users, whose goal is to promote good…

Flaw in BIND 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1 and 9.10.0 to 9.10.2 P2

The Internet Consortium Systems (ICS) released last week the fix for one of the most worrying flaws ever discovered in BIND, one of the most widely used DNS software packages on the web and the default on Unix-based systems. The flaw allows a single hacker to take down parts of the internet with one simple command. And…

DSA-3032-1 bash — security update

Date Reported: 24 Sep 2014
Affected Packages: bash
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-6271.
More information: Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. For…

DSA-2966-1 samba — security update

Date Reported: 23 Jun 2014
Affected Packages: samba
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-0178, CVE-2014-0244, CVE-2014-3493.
More information: Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server:
CVE-2014-0178: Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled.
CVE-2014-0244: Denial of…

DSA-3014-1 squid3 — security update

Date Reported: 28 Aug 2014
Affected Packages: squid3
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 759509. In Mitre’s CVE dictionary: CVE-2014-3609.
More information: Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by…

DSA-2958-1 apt — security update

Date Reported: 12 Jun 2014
Affected Packages: apt
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 749795. In Mitre’s CVE dictionary: CVE-2014-0478.
More information: Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via “apt-get source”. This only affects use cases where source packages are downloaded via…

DSA-3002-1 wireshark — security update

Date Reported: 10 Aug 2014
Affected Packages: wireshark
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165.
More information: Multiple vulnerabilities were discovered in the dissectors for Catapult DCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in denial of service. For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy11. For the unstable distribution…

DSA-2987-1 openjdk-7 — security update

Date Reported: 23 Jul 2014
Affected Packages: openjdk-7
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268.
More information: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. For the stable distribution (wheezy), these problems have…

DSA-2973-1 vlc — security update

Date Reported: 07 Jul 2014
Affected Packages: vlc
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2013-1868, CVE-2013-1954, CVE-2013-4388.
More information: Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed…

DSA-2974-1 php5 — security update

Date Reported: 08 Jul 2014
Affected Packages: php5
Vulnerable: Yes
Security database references: In Mitre’s CVE dictionary: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4721.
More information: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2014-0207: Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check…