These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-460-2: Samba regression

USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the “force group” option no longer behaved correctly. This update corrects the problem. We apologize for the inconvenience. Original advisory details: Paul Griffith and Andrew Hogue…

22 May 2007 | ubuntu-7.04

USN-459-2: pptpd regression

USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially…

21 May 2007 | ubuntu-6.06-lts

USN-436-2: KTorrent vulnerability

USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Original advisory details: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent…

18 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-461-1: Quagga vulnerability

It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.

17 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-460-1: Samba vulnerabilities

Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. (CVE-2007-2444) Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker…

16 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-459-1: pptpd vulnerability

A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.

14 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-458-1: MoinMoin vulnerabilities

A flaw was discovered in MoinMoin’s error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user’s authentication information for the domain where MoinMoin was hosted. (CVE-2007-2423) Flaws were…

8 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-457-1: elinks vulnerability

Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.

7 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-456-1: net-snmp vulnerability

The SNMP service did not correctly handle TCP disconnects. Remote subagents could cause a denial of service if they dropped a connection at a specific time.

2 May 2007 | ubuntu-6.06-lts

USN-454-1: PostgreSQL vulnerability

PostgreSQL did not handle the “search_path” configuration option in a secure way for functions declared as “SECURITY DEFINER”. Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The…

27 April 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts