These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-259-1: irssi vulnerability

A Denial of Service vulnerability was discoverd in irssi. The DCC ACCEPT command handler did not sufficiently verify the remotely specified arguments. A remote attacker could exploit this to crash irssi by sending a specially crafted DCC commands.

2 March 2006 | ubuntu-5.10

USN-258-1: PostgreSQL vulnerability

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if the source package is rebuilt with assertions enabled…

27 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-257-1: tar vulnerability

Jim Meyering discovered that tar did not properly verify the validity of certain header fields in a GNU tar archive. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user. The tar version in Ubuntu 4.10 is not affected by this vulnerability.

23 February 2006 | ubuntu-5.10, ubuntu-5.04

USN-255-1: openssh vulnerability

Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking an user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like ‘*‘), an attacker could exploit this to execute arbitrary…

22 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-254-1: noweb vulnerability

Javier Fern�ndez-Sanguino Pe�a discovered that noweb scripts created temporary files in an insecure way. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running noweb.

22 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-256-1: bluez-hcidump vulnerability

Pierre Betouin discovered a Denial of Service vulnerability in the handling of the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. By sending a specially crafted L2CAP packet through a wireless Bluetooth connection, a remote attacker could crash hcidump. Since hcidump is mainly a debugging tool, the impact of this flaw is very…

22 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-253-1: heimdal vulnerability

A remote Denial of Service vulnerability was discovered in the heimdal implementation of the telnet daemon. A remote attacker could force the server to crash due to a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. Please note that the heimdal-servers package is not…

18 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-252-1: gnupg vulnerability

Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg –verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for…

18 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-251-1: libtasn vulnerability

Evgeny Legerov discovered a buffer overflow in the DER format decoding function of the libtasn library. This library is mainly used by the GNU TLS library; by sending a specially crafted X.509 certificate to a server which uses TLS encryption/authentication, a remote attacker could exploit this to crash that server process and possibly…

17 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-248-2: unzip regression fix

USN-248-1 fixed a vulnerability in unzip. However, that update inadvertedly changed the field order in the contents listing output, which broke unzip frontends like file-roller. The updated packages fix this regression.

15 February 2006 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10