These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-348-1: GnuTLS vulnerability

The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

19 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-347-1: Linux kernel vulnerabilities

Sridhar Samudrala discovered a local Denial of Service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the…

19 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-346-2: Fixed linux-restricted-modules-2.6.15 for previous Linux kernel update

USN-346-1 provided an updated Linux kernel to fix several security vulnerabilities. Unfortunately the update broke the binary ‘nvidia’ driver from linux-restricted-modules. This update corrects this problem. We apologize for the inconvenience.

15 September 2006 | ubuntu-6.06-lts

USN-346-1: Linux kernel vulnerabilities

A Denial of service vulnerability was reported in iptables’ SCTP conntrack module. On computers which use this iptables module, a remote attacker could expoit this to trigger a kernel crash. (CVE-2006-2934) A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or…

15 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-345-1: mailman vulnerabilities

Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email…

13 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-344-1: X.org vulnerabilities

iDefense security researchers found several integer overflows in X.org’s font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges.

13 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-343-1: bind9 vulnerabilities

bind did not sufficiently verify particular requests and responses from other name servers and users. By sending a specially crafted packet, a remote attacker could exploit this to crash the name server.

8 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-342-1: PHP vulnerabilities

The sscanf() function did not properly check array boundaries. In applications which use sscanf() with argument swapping, a remote attacker could potentially exploit this to crash the affected web application or even execute arbitrary code with the application’s privileges. (CVE-2006-4020) The file_exists() and imap_reopen() functions did not…

7 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-341-1: libxfont vulnerability

An integer overflow has been discovered in X.org’s font handling library. By using a specially crafted font file, this could be exploited to crash the X server or execute arbitrary code with root privileges.

7 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-340-1: imagemagick vulnerabilities

Tavis Ormandy discovered several buffer overflows in imagemagick’s Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users’ privileges.

6 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04