These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-452-1: KDE library vulnerability

The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. If a Konqueror user were tricked into visiting a web site containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data.

11 April 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-451-1: Linux kernel vulnerabilities

The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. (CVE-2007-0006) The kernel NFS code did not correctly validate NFSACL2 ACCESS requests. If a system was serving NFS mounts, a remote attacker could send a specially crafted packet, leading to a…

11 April 2007 | ubuntu-6.10, ubuntu-6.06-lts

USN-450-1: ipsec-tools vulnerability

A flaw was discovered in the IPSec key exchange server “racoon”. Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.

9 April 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-449-1: krb5 vulnerabilities

The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. (CVE-2007-0956) The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root…

4 April 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-448-1: X.org vulnerabilities

Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg…

3 April 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-447-1: KDE library vulnerabilities

It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. (CVE-2007-1308) A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a…

29 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-446-1: NAS vulnerabilities

Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server.

28 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-445-1: XMMS vulnerabilities

Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins. If a user were tricked into loading a specially crafted skin, a remote attacker could execute arbitrary code with user privileges.

27 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-444-1: OpenOffice.org vulnerabilities

A stack overflow was discovered in OpenOffice.org’s StarCalc parser. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2007-0238) A flaw was discovered in OpenOffice.org’s link handling code. If a user were tricked into clicking a link in a specially…

27 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-443-1: Firefox vulnerability

A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user’s network, leading to private information disclosure.

27 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10