These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-169-1: Linux kernel vulnerabilities

David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098) David Howells…

19 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-168-1: Gaim vulnerabilities

Daniel Atallah discovered a Denial of Service vulnerability in the file transfer handler of OSCAR (the module that handles various instant messaging protocols like ICQ). A remote attacker could crash the Gaim client of an user by attempting to send him a file with a name that contains invalid UTF-8 characters. (CAN-2005-2102) It was found that…

12 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-167-1: AWStats vulnerability

Peter Vreugdenhil discovered a command injection vulnerability in AWStats. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. Referer URLs could be crafted in a way that they contained arbitrary Perl code which would have been executed with the…

12 August 2005 | ubuntu-5.04

USN-166-1: Evolution vulnerabilities

Ulf Harnhammar disovered several format string vulnerabilities in Evolution. By tricking an user into viewing a specially crafted vCard attached to an email, specially crafted contact data from an LDAP server, specially crafted task lists from remote servers, or saving Calendar entries with this malicious task list data, it was possible for an…

11 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-165-1: heartbeat vulnerability

Eric Romang discovered that heartbeat created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with root privileges as soon as heartbeat is started.

11 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-164-1: netpbm vulnerability

Max Vozeler discovered that the the “pstopnm” conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a…

11 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-163-1: xpdf vulnerability

xpdf and kpdf did not sufficiently verify the validity of the “loca” table in PDF files, a table that contains glyph description information for embedded TrueType fonts. After detecting the broken table, xpdf attempted to reconstruct the information in it, which caused the generation of a huge temporary file that quickly filled up available disk…

10 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-162-1: ekg and Gadu library vulnerabilities

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script. (CAN-2005-1850) Marcin…

9 August 2005 | ubuntu-5.04

USN-161-1: bzip2 utility vulnerability

USN-158-1 fixed a command injection vulnerability in the “zgrep” utility. It was determined that the “bzgrep” counterpart in the bzip2 package is vulnerable to the same flaw. bzgrep did not handle shell metacharacters like ‘|’ and ‘&’ properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user…

5 August 2005 | ubuntu-5.04, ubuntu-4.10

USN-160-1: Apache 2 vulnerabilities

Marc Stern discovered a buffer overflow in the SSL module’s certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268) Watchfire discovered that Apache insufficiently verified…

4 August 2005 | ubuntu-5.04, ubuntu-4.10