These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-252-1: gnupg vulnerability

Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for…

18 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-251-1: libtasn vulnerability

Evgeny Legerov discovered a buffer overflow in the DER format decoding function of the libtasn library. This library is mainly used by the GNU TLS library; by sending a specially crafted X.509 certificate to a server which uses TLS encryption/authentication, a remote attacker could exploit this to crash that server process and possibly…

17 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-248-2: unzip regression fix

USN-248-1 fixed a vulnerability in unzip. However, that update inadvertently changed the field order in the contents listing output, which broke unzip frontends like file-roller. The updated packages fix this regression.

15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-250-1: Linux kernel vulnerability

Herbert Xu discovered a remote Denial of Service vulnerability in the ICMP packet handler. In some situations a memory allocation was released twice, which led to memory corruption. A remote attacker could exploit this to crash the machine.

15 February 2006 | ubuntu-5.10

USN-249-1: xpdf/poppler/kpdf vulnerabilities

The splash image handler in xpdf did not check the validity of coordinates. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user. The poppler library and kpdf also contain xpdf code, and thus…

15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-248-1: unzip vulnerability

A buffer overflow was discovered in the handling of file name arguments. By tricking a user or automated system into processing a specially crafted, excessively long file name with unzip, an attacker could exploit this to execute arbitrary code with the user’s privileges.

15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-247-1: Heimdal vulnerability

A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the ‘universe’ component of the archive). However, this affects you if you…

11 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-246-1: imagemagick vulnerabilities

Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be…

25 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-245-1: KDE library vulnerability

Maksim Orlovich discovered that kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking a user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to…

20 January 2006 | ubuntu-5.10, ubuntu-5.04

USN-244-1: Linux kernel vulnerabilities

Doug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. (CVE-2005-3356) Karl Janmar discovered that the /proc file system module used signed data types in a wrong way. A local attacker could exploit this to…

18 January 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10