These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-114-2: Fixed packages for USN-114-1

USN-114-1 fixed a vulnerability in the PCX decoder of kimgio. Unfortunately it was discovered that the original patches were faulty and caused regressions. This update now has the correct patches. This update also fixes the disappearing KDE settings which were caused by the accidential removal of…

27 May 2005 | ubuntu-5.04

USN-134-1: Firefox vulnerabilities

It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous Javascript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation…

27 May 2005 | ubuntu-5.04

USN-133-1: Apache utility vulnerability

A buffer overflow was discovered in the “htpasswd” utility. This could be exploited to execute arbitrary code with the privileges of the user invoking htpasswd. This is only a security vulnerability if you have a website that offers a public interface to htpasswd without checking the input beforehand; however, this is very unusual.

26 May 2005 | ubuntu-4.10

USN-132-1: ImageMagick vulnerabilities

Damian Put discovered a buffer overflow in the PNM image decoder. Processing a specially crafted PNM file with a small “colors” value resulted in a crash of the application that used the ImageMagick library. (CAN-2005-1275) Another Denial of Service vulnerability was found in the XWD decoder. Specially crafted invalid color masks resulted in an…

23 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-131-1: Linux kernel vulnerabilities

Colin Percival discovered an information disclosure in the “Hyper Threading Technology” architecture in processors which are capable of simultaneous multithreading (in particular Intel Pentium 4, Intel Mobile Pentium 4, and Intel Xeon processors). This allows a malicious thread to monitor the execution of another thread on the same CPU. This could…

23 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-130-1: TIFF library vulnerability

Tavis Ormandy discovered a buffer overflow in the TIFF library. A malicious image with an invalid “bits per sample” number could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library. Since this library is used in many applications like “ghostscript” and the…

20 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-129-1: Squid vulnerability

It was discovered that Squid did not verify the validity of DNS server responses. When Squid is started, it opens a DNS client UDP port whose number is randomly assigned by the operating system. Unless your network firewall is configured to accept DNS responses only from known good nameservers, this vulnerability allowed users within the…

18 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-128-1: nasm vulnerability

Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.

18 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-127-1: bzip2 vulnerabilities

Imran Ghory discovered a race condition in the file permission restore code of bunzip2. While a user was decompressing a file, a local attacker with write permissions in the directory of that file could replace the target file with a hard link. This would cause bzip2 to restore the file permissions to the hard link target instead of to the bzip2…

17 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-126-1: GNU TLS library vulnerability

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not…

13 May 2005 | ubuntu-5.04, ubuntu-4.10