These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
A buffer overflow was discovered in the handling of file name arguments. By tricking a user or automated system into processing a specially crafted, excessively long file name with unzip, an attacker could exploit this to execute arbitrary code with the user’s privileges.
15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the ‘universe’ component of the archive). However, this affects you if you…
11 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be…
25 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
20 January 2006 | ubuntu-5.10, ubuntu-5.04
Doug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. (CVE-2005-3356) Karl Janmar discovered that the /proc file system module used signed data types in a wrong way. A local attacker could exploit this to…
18 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
Javier Fernández-Sanguino Peña discovered that the tuxpaint-import.sh script created a temporary file in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running tuxpaint.
16 January 2006 | ubuntu-5.10
Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash….
16 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
The “mod_imap” module (which provides support for image maps) did not properly escape the “referer” URL, which left it vulnerable to a cross-site scripting attack. A malicious web page (or HTML email) could trick a user into visiting a site running the vulnerable mod_imap, and employ cross-site-scripting techniques to gather sensitive…
13 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10
A buffer overflow was found in bogofilter’s character set conversion handling. Certain invalid UTF-8 character sequences caused an invalid memory access. By sending a specially crafted email, a remote attacker could exploit this to crash bogofilter or possibly even execute arbitrary code with bogofilter’s privileges.
12 January 2006 | ubuntu-5.10
USN-194-1 fixed a vulnerability in the ‘texindex’ program. Unfortunately this update introduced a regression that caused the program to abort when cleaning up temporary files (which are used with extraordinarily large input files). The updated packages fix this.
9 January 2006 | ubuntu-5.10, ubuntu-5.04