These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-93-1: Squid vulnerability

A race condition was discovered in the handling of “Set-Cookie” headers. If the obsolete Netscape recommendation was used for handling cookies in the cache, it was possible for an attacker to steal the cookies of other users.

8 March 2005 | ubuntu-4.10

USN-92-1: LessTif vulnerabilities

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image. Ubuntu does not contain any server applications…

8 March 2005 | ubuntu-4.10

USN-91-1: EXIF library vulnerability

Sylvain Defresne discovered that the EXIF library did not properly validate the structure of the EXIF tags. By tricking a user into loading an image with a malicious EXIF tag, an attacker could exploit this to crash the process using the library, or even execute arbitrary code with the privileges of the process.

8 March 2005 | ubuntu-4.10

USN-90-1: Imagemagick vulnerability

Tavis Ormandy discovered a format string vulnerability in ImageMagick’s file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code. Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the…

3 March 2005 | ubuntu-4.10

USN-89-1: XML library vulnerabilities

Several buffer overflows have been discovered in libxml’s FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml. This does not affect the core XML parsing code, which is what the majority of programs use this library…

28 February 2005 | ubuntu-4.10

USN-88-1: reportbug information disclosure

Rolf Leggewie discovered two information disclosure bugs in reportbug. The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory. reportbug usually includes the settings from ~/.reportbugrc in generated bug…

28 February 2005 | ubuntu-4.10

USN-87-1: Cyrus IMAP server vulnerability

Sean Larsson discovered a buffer overflow in the IMAP “annotate” extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

28 February 2005 | ubuntu-4.10

USN-86-1: cURL vulnerability

infamous41md discovered a buffer overflow in cURL’s NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker-specified code with the privileges of the application using the cURL library.

28 February 2005 | ubuntu-4.10

USN-85-1: Gaim vulnerabilities

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. (CAN-2005-0208, CAN-2005-0473) Another lack of sufficient input validation was found in the “Oscar” protocol handler which is used for ICQ and AIM. By…

26 February 2005 | ubuntu-4.10

USN-84-1: Squid vulnerabilities

When parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way. This could allow remote attackers to bypass intended ACLs. (CAN-2005-0194) A remote Denial of Service vulnerability was discovered in the domain name resolution code. A faulty or malicious DNS…

21 February 2005 | ubuntu-4.10