These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-293-1: gdm vulnerability

If the admin configured a gdm theme that provided an user list, any user could activate the gdm setup program by first choosing the setup option from the menu, clicking on the user list and entering his own (instead of root’s) password. This allowed normal users to configure potentially dangerous features like remote or automatic login. Please…

9 June 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-288-2: PostgreSQL server/client vulnerabilities

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client…

9 June 2006 | ubuntu-6.06-lts

USN-291-1: FreeType vulnerabilities

Several integer overflows have been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user.

8 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-290-1: awstats vulnerability

Hendrik Weimer discovered a privilege escalation vulnerability in awstats. By supplying the ‘configdir’ CGI parameter and setting it to an attacker-controlled directory (such as an FTP account, /tmp, or similar), an attacker could execute arbitrary shell commands with the privileges of the web server (user ‘www-data’). This update disables the…

8 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-289-1: tiff vulnerabilities

A buffer overflow has been found in the tiff2pdf utility. By tricking an user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193) A. Alejandro Hern´┐Żndez discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit…

8 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-288-1: PostgreSQL server/client vulnerabilities

CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>‘<< with >>\’<< or >>“<<), the PostgreSQL server…

29 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-287-1: Nagios vulnerability

The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges. Please note that the Apache 2 web server…

29 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-286-1: Dia vulnerabilities

Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user’s privileges.

24 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-285-1: awstats vulnerability

AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static pages.

23 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-284-1: Quagga vulnerabilities

Paul Jakma discovered that Quagga’s ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure. (CVE-2006-2223) Paul Jakma also noticed that ripd accepted…

16 May 2006 | ubuntu-5.10, ubuntu-5.04