These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-145-1: wget vulnerabilities

Jan Minar discovered a path traversal vulnerability in wget. If the name “..” was a valid host name (which can be achieved with a malicious or poisoned domain name server), it was possible to trick wget into creating downloaded files into arbitrary locations with arbitrary names. For example, wget could silently overwrite the users ~/.bashrc and…

28 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-144-1: dbus vulnerability

Besides providing the global system-wide communication bus, dbus also offers per-user “session” buses which applications in an user’s session can create and use to communicate with each other. Daniel Reed discovered that the default configuration of the session dbus allowed a local user to connect to another user’s session bus if its address was…

28 June 2005 | ubuntu-4.10

USN-143-1: Linux amd64 kernel vulnerabilities

A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted (“non-canonical”) addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762) ZouNanHai discovered that a local user could hang the kernel by invoking…

27 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-142-1: sudo vulnerability

Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command “ALL”, that user could execute arbitrary commands with sudo by creating symbolic links at a certain time. Please note…

21 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-141-1: tcpdump vulnerability

It was discovered that certain invalid BGP packets triggered an infinite loop in tcpdump, which caused tcpdump to stop working. This could be abused by a remote attacker to bypass tcpdump analysis of network traffic.

21 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-140-1: Gaim vulnerability

A remote Denial of Service vulnerability was discovered in Gaim. A remote attacker could crash the Gaim client of an MSN user by sending a specially crafted MSN package which states an invalid body length in the header.

15 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-139-1: Gaim vulnerability

A remote Denial of Service vulnerability was discovered in Gaim. By initiating a file transfer with a file name containing certain international characters (like an accented “a”), a remote attacker could crash the Gaim client of an arbitrary Yahoo IM member.

10 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-138-1: gedit vulnerability

A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. This becomes security relevant if e. g. your web browser is configued to open URLs in gedit. If you never open…

9 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-137-1: Linux kernel vulnerabilities

Alexander Nyberg discovered that ptrace() insufficiently validated addresses on the amd64 platform so that it was possible to set an invalid segment base. A local attacker could exploit this to crash the kernel. This does not affect the i386 and powerpc platforms in any way. (CAN-2005-0756) Chris Wright discovered that the mmap() function could…

8 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-136-2: Fixed packages for USN-136-1

It was discovered that the packages from USN-136-1 had a flawed patch with regressions that caused the ld linker to fail. The updated packages fix this. We apologize for the inconvenience.

27 May 2005 | ubuntu-5.04, ubuntu-4.10