These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-461-1: Quagga vulnerability

It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.

17 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-460-1: Samba vulnerabilities

Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. (CVE-2007-2444) Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker…

16 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-459-1: pptpd vulnerability

A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.

14 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-458-1: MoinMoin vulnerabilities

A flaw was discovered in MoinMoin’s error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user’s authentication information for the domain where MoinMoin was hosted. (CVE-2007-2423) Flaws were…

8 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-457-1: elinks vulnerability

Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.

7 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-456-1: net-snmp vulnerability

The SNMP service did not correctly handle TCP disconnects. Remote subagents could cause a denial of service if they dropped a connection at a specific time.

2 May 2007 | ubuntu-6.06-lts

USN-454-1: PostgreSQL vulnerability

PostgreSQL did not handle the “search_path” configuration option in a secure way for functions declared as “SECURITY DEFINER”. Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The…

27 April 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-455-1: PHP vulnerabilities

Stefan Esser discovered multiple vulnerabilities in the “Month of PHP bugs”. The substr_compare() function did not sufficiently verify its length argument. This might be exploited to read otherwise unaccessible memory, which might lead to information disclosure. (CVE-2007-1375) The shared memory (shmop) functions did not verify resource…

27 April 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-453-2: rdesktop regression

USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.

26 April 2007 | ubuntu-6.10, ubuntu-6.06-lts

USN-453-1: X.org vulnerability

Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.

18 April 2007 | ubuntu-6.10, ubuntu-6.06-lts