These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also follow the latest notices by subscribing to the RSS or Atom feed.

Latest notices

USN-319-1: Linux kernel vulnerability

A race condition has been discovered in the file permission handling of the /proc file system. A local attacker could exploit this to execute arbitrary code with full root privileges.

18 July 2006 | ubuntu-6.06-lts

USN-318-1: libtunepimp vulnerability

Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that uses libtunepimp, this could be exploited to execute arbitrary code with the user’s privileges. This particularly affects the KDE applications…

13 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-317-1: zope2.8 vulnerability

Zope did not deactivate the ‘raw’ command when exposing reStructuredText functionality to untrusted users. A remote user with the privilege of editing Zope webpages with reStructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server.

13 July 2006 | ubuntu-5.10

USN-315-1: libmms, xine-lib vulnerabilities

Matthias Hopf discovered several buffer overflows in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could exploit this to execute arbitrary code with the user’s privileges. The Xine library contains an embedded copy of libmms, and thus needs the same…

13 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-314-1: samba vulnerability

The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render…

13 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-316-1: installer vulnerability

Iwan Pieterse discovered that, if you select “Go Back” at the final message displayed by the alternate or server CD installer (“Installation complete”) and then continue with the installation from the installer’s main menu, the root password is left blank rather than locked. This was due to an error while clearing out the root password from…

13 July 2006 | ubuntu-6.06-lts

USN-313-1: OpenOffice.org vulnerabilities

It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user’s privileges. (CVE-2006-2198) A flaw was…

12 July 2006 | ubuntu-6.06-lts, ubuntu-5.04

USN-311-1: Linux kernel vulnerabilities

A race condition was discovered in the do_add_counters() functions. Processes that do not run with full root privileges but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you…

11 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-312-1: gimp vulnerability

Henning Makholm discovered that GIMP did not sufficiently validate the ‘num_axes’ parameter in XCF files. By tricking a user into opening a specially crafted XCF file with GIMP, an attacker could exploit this to execute arbitrary code with the user’s privileges.

10 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-310-1: ppp vulnerability

Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local…

6 July 2006 | ubuntu-6.06-lts, ubuntu-5.10