These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-235-2: sudo vulnerability

USN-235-1 fixed a vulnerability in sudo’s handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges. For reference, this is the original advisory: Charles Morris…

9 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-236-2: xpdf vulnerabilities in kword, kpdf

USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues. For reference, this is the original advisory: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into…

9 January 2006 | ubuntu-5.10, ubuntu-5.04

USN-239-1: libapache2-mod-auth-pgsql vulnerability

Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache (user ‘www-data’).

9 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-238-2: Blender vulnerability

Damian Put discovered that Blender did not properly validate a ‘length’ value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.

6 January 2006 | ubuntu-5.10

USN-238-1: Blender vulnerability

Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.

6 January 2006 | ubuntu-5.10

USN-237-1: nbd vulnerability

Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.

6 January 2006 | ubuntu-5.10

USN-236-1: xpdf vulnerabilities

Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS printing system also…

6 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-235-1: sudo vulnerability

Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl’s library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the…

6 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-234-1: cpio vulnerability

Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with…

3 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-233-1: fetchmail vulnerability

Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in ‘multidrop’ mode, a malicious email server could cause a crash by sending an email without any headers. Since fetchmail is commonly called automatically (with cron, for example), this crash could go unnoticed.

3 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10