These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-285-1: awstats vulnerability

AWStats did not properly sanitize the ‘migrate’ CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static pages.

23 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-284-1: Quagga vulnerabilities

Paul Jakma discovered that Quagga’s ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure. (CVE-2006-2223) Paul Jakma also noticed that ripd accepted…

16 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-274-2: MySQL vulnerability

USN-274-1 fixed a logging bypass in the MySQL server. Unfortunately it was determined that the original update was not sufficient to completely fix the vulnerability, thus another update is necessary. We apologize for the inconvenience. For reference, these are the details of the original USN: A logging bypass was discovered in the MySQL query…

15 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-283-1: MySQL vulnerabilities

Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516) Stefano Di Paola also found a similar information leak in the parser for the…

8 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-282-1: Nagios vulnerability

The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with a negative Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges. Please note that the Apache 2 web server already…

8 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-280-1: X.org server vulnerability

The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges.

4 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-281-1: Linux kernel vulnerabilities

The sys_mbind() function did not properly verify the validity of the ‘maxnod’ argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. (CVE-2006-0557) The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel…

4 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-279-1: libnasl/nessus vulnerability

Jayesh KS discovered that the nasl_split() function in the NASL (Nessus Attack Scripting Language) library did not check for a zero-length separator argument, which led to an invalid memory allocation. This library is primarily used in the Nessus security scanner; a remote attacker could exploit this vulnerability to cause the Nessus daemon to…

4 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-278-1: gdm vulnerability

Marcus Meissner discovered a race condition in gdm’s handling of the ~/.ICEauthority file permissions. A local attacker could exploit this to become the owner of an arbitrary file in the system. When getting control over automatically executed scripts (like cron jobs), the attacker could eventually leverage this flaw to execute arbitrary commands…

4 May 2006 | ubuntu-5.10, ubuntu-5.04

USN-277-1: TIFF library vulnerabilities

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application’s privileges.

4 May 2006 | ubuntu-5.10, ubuntu-5.04