These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-248-1: unzip vulnerability

A buffer overflow was discovered in the handling of file name arguments. By tricking a user or automated system into processing a specially crafted, excessively long file name with unzip, an attacker could exploit this to execute arbitrary code with the user’s privileges.

15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-247-1: Heimdal vulnerability

A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the ‘universe’ component of the archive). However, this affects you if you…

11 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-246-1: imagemagick vulnerabilities

Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be…

25 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-245-1: KDE library vulnerability

Maksim Orlovich discovered that kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking a user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to…

20 January 2006 | ubuntu-5.10, ubuntu-5.04

USN-244-1: Linux kernel vulnerabilities

Doug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. (CVE-2005-3356) Karl Janmar discovered that the /proc file system module used signed data types in a wrong way. A local attacker could exploit this to…

18 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-243-1: tuxpaint vulnerability

Javier Fernández-Sanguino Peña discovered that the tuxpaint-import.sh script created a temporary file in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running tuxpaint.

16 January 2006 | ubuntu-5.10

USN-242-1: mailman vulnerabilities

Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash….

16 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-241-1: Apache vulnerabilities

The “mod_imap” module (which provides support for image maps) did not properly escape the “referer” URL, which rendered it vulnerable to a cross-site scripting attack. A malicious web page (or HTML email) could trick a user into visiting a site running the vulnerable mod_imap, and employ cross-site-scripting techniques to gather sensitive…

13 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-240-1: bogofilter vulnerability

A buffer overflow was found in bogofilter’s character set conversion handling. Certain invalid UTF-8 character sequences caused an invalid memory access. By sending a specially crafted email, a remote attacker could exploit this to crash bogofilter or possibly even execute arbitrary code with bogofilter’s privileges.

12 January 2006 | ubuntu-5.10

USN-194-2: texinfo regression fix

USN-194-1 fixed a vulnerability in the ‘texindex’ program. Unfortunately this update introduced a regression that caused the program to abort when cleaning up temporary files (which are used with extraordinarily large input files). The updated packages fix this.

9 January 2006 | ubuntu-5.10, ubuntu-5.04