These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-468-1: Firefox vulnerabilities

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user’s privileges. (CVE-2007-2867, CVE-2007-2868) A flaw was discovered in the form autocomplete feature. By tricking a user into opening a malicious web page, an attacker…

1 June 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-467-1: Gimp vulnerability

It was discovered that Gimp did not correctly handle RAS image format color tables. By tricking a user into opening a specially crafted RAS file with Gimp, an attacker could exploit this to execute arbitrary code with the user’s privileges.

31 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-466-1: freetype vulnerability

Victor Stinner discovered that freetype did not correctly verify the number of points in a TrueType font. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with user privileges.

30 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-465-1: PulseAudio vulnerability

Luigi Auriemma discovered multiple flaws in pulseaudio’s network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.

25 May 2007 | ubuntu-7.04

USN-464-1: Linux kernel vulnerabilities

Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. (CVE-2007-1357) Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for…

24 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-463-1: vim vulnerability

Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.

23 May 2007 | ubuntu-7.04, ubuntu-6.10

USN-462-1: PHP vulnerabilities

A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509) Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially…

22 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-460-2: Samba regression

USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the “force group” option no longer behaved correctly. This update corrects the problem. We apologize for the inconvenience. Original advisory details: Paul Griffith and Andrew Hogue…

22 May 2007 | ubuntu-7.04

USN-459-2: pptpd regression

USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially…

21 May 2007 | ubuntu-6.06-lts

USN-436-2: KTorrent vulnerability

USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Original advisory details: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent…

18 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts