These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-59-1: mailman vulnerabilities

Florian Weimer discovered a cross-site scripting vulnerability in mailman’s automatically generated error messages. An attacker could craft an URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page. When an unsuspecting user followed this URL, the malicious content was copied unmodified to the error…

11 January 2005 | ubuntu-4.10

USN-58-1: MIT Kerberos server vulnerability

Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy’s history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with…

10 January 2005 | ubuntu-4.10

USN-57-1: Linux kernel vulnerabilities

Paul Starzetz discovered a race condition in the ELF library and a.out binary format loaders, which can be locally exploited in several different ways to gain root privileges. (CAN-2004-1235) Liang Bin found a design flaw in the capability module. After this module was loaded on demand in a running system, all unprivileged user space processes…

9 January 2005 | ubuntu-4.10

USN-56-1: exim4 vulnerabilities

A flaw has been found in the host_aton() function, which can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components. When supplying certain command line parameters, the input was not checked, so that a local attacker could possibly exploit the buffer overflow to run arbitrary code with the privileges of…

7 January 2005 | ubuntu-4.10

USN-55-1: imlib2 vulnerabilities

Recently, Pavel Kankovsky discovered several buffer overflows in imlib which were fixed in USN-53-1. It was found that imlib2 was vulnerable to similar issues. If an attacker tricked a user into loading a malicious XPM or BMP image, he could exploit this to execute arbitrary code in the context of the user opening the image. These…

7 January 2005 | ubuntu-4.10

USN-54-1: TIFF library tool vulnerability

Dmitry V. Levin discovered a buffer overflow in the “tiffdump” utility. If an attacker tricked a user into processing a malicious TIFF image with tiffdump, they could cause a buffer overflow which at least causes the program to crash. However, it is not entirely clear whether this can be exploited to execute arbitrary code with the privileges of…

7 January 2005 | ubuntu-4.10

USN-53-1: imlib vulnerabilities

Pavel Kankovsky discovered several buffer overflows in imlib. If an attacker tricked a user into loading a malicious image, he could exploit this to execute arbitrary code in the context of the user opening the image.

29 December 2004 | ubuntu-4.10

USN-52-1: vim vulnerability

Ciaran McCreesh found several vulnerabilities related to the use of options in Vim modeline commands, such as ‘termcap’, ‘printdevice’, ‘titleold’, ‘filetype’, ‘syntax’, ‘backupext’, ‘keymap’, ‘patchmode’, and ‘langmenu’. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary…

23 December 2004 | ubuntu-4.10

USN-51-1: teTeX auxiliary script vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that “xdvizilla”, an auxiliary script to integrate DVI file viewing in Mozilla-based browsers, created temporary files and directories in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

23 December 2004 | ubuntu-4.10

USN-50-1: CUPS vulnerabilities

CAN-2004-1125: The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to…

23 December 2004 | ubuntu-4.10