These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-336-1: binutils vulnerability

A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, an attacker could exploit this to execute arbitrary code with the user’s privileges.

17 August 2006 | ubuntu-5.10, ubuntu-5.04

USN-335-1: heartbeat vulnerability

Yan Rong Ge discovered that heartbeat did not sufficiently verify some packet input data, which could lead to an out-of-boundary memory access. A remote attacker could exploit this to crash the daemon (Denial of Service).

16 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-334-1: krb5 vulnerabilities

Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and…

16 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-333-1: libwmf vulnerability

An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user’s privileges.

9 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-332-1: gnupg vulnerability

Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user’s privileges if an attacker can trick a user into processing a malicious encrypted/signed document with gnupg.

3 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-331-1: Linux kernel vulnerabilities

A denial of service vulnerability was reported in iptables’ SCTP conntrack module. On computers which use this iptables module, a remote attacker could exploit this to trigger a kernel crash. (CVE-2006-2934) A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or…

3 August 2006 | ubuntu-6.06-lts

USN-330-1: tiff vulnerabilities

Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking a user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application’s privileges. This library is used in many client and…

3 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-327-2: firefox regression

USN-327-1 fixed several vulnerabilities in Firefox. Unfortunately the new version introduced a regression in the handling of streamed media. Embedded media which were linked with a scheme other than http:// did not work any more. This update fixes this regression.

1 August 2006 | ubuntu-6.06-lts

USN-329-1: Thunderbird vulnerabilities

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803,…

29 July 2006 | ubuntu-6.06-lts

USN-328-1: Apache vulnerability

Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module’s ldap scheme handling. On systems which activate “RewriteEngine on”, a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified). “RewriteEngine on” is disabled by default. Systems which…

28 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04