These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-367-1: Pike vulnerability

An SQL injection was discovered in Pike’s PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service. Please refer to…

18 October 2006 | ubuntu-5.04

USN-366-1: binutils vulnerability

A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user’s privileges.

18 October 2006 | ubuntu-5.10

USN-365-1: libksba vulnerability

A parsing failure was discovered in the handling of X.509 certificates that contained extra trailing data. Malformed or malicious certificates could cause services using libksba to crash, potentially creating a denial of service.

16 October 2006 | ubuntu-5.04

USN-364-1: Xsession vulnerability

A race condition existed that would allow other local users to see error messages generated during another user’s X session. This could allow potentially sensitive information to be leaked.

16 October 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-363-1: libmusicbrainz vulnerability

Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. When a user made queries to MusicBrainz servers, it was possible for malicious servers, or man-in-the-middle systems posing as servers, to send a crafted reply to the client request and remotely gain access to the user’s system with the user’s privileges.

11 October 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-362-1: PHP vulnerabilities

The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the “memory_limit” setting…

11 October 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-361-1: Mozilla vulnerabilities

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571) A bug was found in the script handler for automatic…

10 October 2006 | ubuntu-5.10, ubuntu-5.04

USN-360-1: awstats vulnerabilities

awstats did not fully sanitize input, which was passed directly to the user’s browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user’s authentication information could be exposed for the domain where awstats was hosted. (CVE-2006-3681) awstats could display its installation path under…

10 October 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-359-1: Python vulnerability

Benjamin C. Wiley Sittler discovered that Python’s repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

6 October 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-357-1: Mono vulnerability

Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject…

5 October 2006 | ubuntu-6.06-lts, ubuntu-5.10