These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-312-1: gimp vulnerability

Henning Makholm discovered that gimp did not sufficiently validate the ‘num_axes’ parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user’s privileges.

10 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-310-1: ppp vulnerability

Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local…

6 July 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-309-1: libmms vulnerability

Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program. In Ubuntu 5.10, this affects the GStreamer MMS plugin (gstreamer0.8-mms). Other Ubuntu…

6 July 2006 | ubuntu-5.10

USN-308-1: shadow vulnerability

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges. This does not affect the default…

6 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-307-1: mutt vulnerability

TAKAHASHI Tamotsu discovered that mutt’s IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.

28 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-306-1: MySQL 4.1 vulnerability

MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server.

27 June 2006 | ubuntu-5.10

USN-305-1: OpenLDAP vulnerability

When processing overly long host names in OpenLDAP’s slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd’s privileges; however, since slurpd is usually set up to replicate only trusted…

27 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-304-1: gnupg vulnerability

Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking a user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.

27 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-303-1: MySQL vulnerability

An SQL injection vulnerability has been discovered when using less popular multibyte encodings (such as SJIS, or BIG5) which contain valid multibyte characters that end with the byte 0x5c (the representation of the backslash character >>\<< in ASCII). Many client libraries and applications use the non-standard, but popular way of escaping the…

17 June 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-297-2: Thunderbird extensions update for recent security update

USN-297-1 fixed some security vulnerabilities in Thunderbird. This update provides new versions of packaged extensions which work with the current Thunderbird version.

15 June 2006 | ubuntu-6.06-lts