These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-220-1: w3c-libwww vulnerability

Sam Varshavchik discovered several buffer overflows in the HTBoundary_put_block() function. By sending specially crafted HTTP multipart/byteranges MIME messages, a malicious HTTP server could trigger an out-of-bounds memory access in the libwww library, which causes the program that uses the library to crash.

1 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-219-1: Linux kernel vulnerabilities

22 November 2005 |

USN-218-1: netpbm vulnerabilities

Two buffer overflows were discovered in the ‘pnmtopng’ tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632). A remote attacker could exploit these to execute arbitrary code by tricking an…

22 November 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-217-1: Inkscape vulnerability

A buffer overflow has been discovered in the SVG importer of Inkscape. By tricking a user into opening a specially crafted SVG image, this could be exploited to execute arbitrary code with the privileges of the Inkscape user.

21 November 2005 | ubuntu-5.10

USN-190-2: ucs-snmp vulnerability

USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucs-snmp implementation (which is used by the Cyrus email server). Original advisory: A remote Denial of Service has been discovered in the SNMP (Simple Network Management Protocol) library. If an SNMP agent uses TCP sockets for…

21 November 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-216-1: GDK vulnerabilities

Two integer overflows have been discovered in the XPM image loader of the GDK pixbuf library. By tricking a user into opening a specially crafted XPM image with any Gnome desktop application that uses this library, this could be exploited to execute arbitrary code with the privileges of the user running the application. (CVE-2005-2976,…

16 November 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-151-4: rpm vulnerability

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed…

9 November 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-215-1: fetchmailconf vulnerability

Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user…

8 November 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-214-1: libungif vulnerabilities

Chris Evans discovered several buffer overflows in the libungif library. By tricking a user (or automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif.

7 November 2005 | ubuntu-5.04, ubuntu-4.10

USN-206-2: Fixed lynx packages for USN-206-1

USN-206-1 fixed a security vulnerability in lynx. Unfortunately the fix contained an error that caused lynx to crash under certain circumstances. The updated packages fix this.

29 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10