These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-304-1: gnupg vulnerability

Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicous GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.

27 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-303-1: MySQL vulnerability

An SQL injection vulnerability has been discovered when using less popular multibyte encodings (such as SJIS, or BIG5) which contain valid multibyte characters that end with the byte 0x5c (the representation of the backslash character >>&lt;< in ASCII). Many client libraries and applications use the non-standard, but popular way of escaping the…

17 June 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-297-2: Thunderbird extensions update for recent security update

USN-297-1 fixed some security vulnerabilities in Thunderbird. This update provides new versions of packaged extensions which work with the current Thunderbird version.

15 June 2006 | ubuntu-6.06-lts

USN-302-1: Linux kernel vulnerabilities

An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu’s supported packages use this capability with any non-root user, so this only affects you if you use some third party software…

15 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-301-1: kdm vulnerability

Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an insecure way. By performing a symlink attack, a local user could exploit this to read arbitrary files on the system, like private files of other users, /etc/shadow, and similarly sensitive data.

15 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-300-1: wv2 vulnerability

libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user’s privileges. The only packaged application using this library is…

15 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-299-1: dhcdbd vulnerability

Florian Hackenberger discovered a memory corruption bug in dhcdbd (the NetworkManager daemon for processing DHCP operations). Invalid DHCP responses crashed dhcdbd, which caused NetworkManager to not work any more.

14 June 2006 | ubuntu-6.06-lts

USN-298-1: libgd2 vulnerability

Xavier Roche discovered that libgd’s function for reading GIF image data did not sufficiently verify its validity. Specially crafted GIF images could cause an infinite loop which used up all available CPU resources. Since libgd is often used in PHP and Perl web applications, this could lead to a remote Denial of Service vulnerability.

14 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-288-4: dovecot regression fix

USN-288-3 fixed a vulnerability in dovecot. Unfortunately the Ubuntu 6.06 update had a regression which caused authentication using a MySQL database to not work any more. This update fixes this again. We apologize for the inconvenience.

14 June 2006 | ubuntu-6.06-lts

USN-297-1: Thunderbird vulnerabilities

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by…

14 June 2006 | ubuntu-6.06-lts