These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-124-2: Fixed packages for USN-124-1

USN-124-1 fixed several vulnerabilities of Firefox. After that update, several users experienced XML errors on various actions like adding bookmarks (see https://bugzilla.ubuntu.com/show_bug.cgi?id=10643). After installing these new packages and restarting the browser, these problems should be fixed.

13 May 2005 | ubuntu-5.04

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to automatically install and execute arbitrary code with…

11 May 2005 | ubuntu-5.04

USN-123-1: Xine library vulnerabilities

Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the…

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-122-1: Squid vulnerability

Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error. This could lead to wider access permissions than intended by the administrator.

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-121-1: OpenOffice.org vulnerability

The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document. The update for Ubuntu 5.04 (Hoary Hedgehog) also…

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-120-1: Apache 2 vulnerability

Luca Ercoli discovered that the “htdigest” program did not perform any bounds checking when it copied the “user” and “realm” arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-119-1: tcpdump vulnerabilities

It was discovered that certain invalid GRE, LDP, BGP, and RSVP packets triggered infinite loops in tcpdump, which caused tcpdump to stop working. This could be abused by a remote attacker to bypass tcpdump analysis of network traffic.

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-118-1: PostgreSQL vulnerabilities

It was discovered that unprivileged users were allowed to call internal character conversion functions. However, since these functions were not designed to be safe against malicious choices of argument values, this could potentially be exploited to execute arbitrary code with the privileges of the PostgreSQL server (user “postgres”)….

4 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-117-1: cvs vulnerability

Alen Zukich discovered a buffer overflow in the processing of version and author information in the CVS client. By tricking an user to connect to a malicious CVS server, an attacker could exploit this to execute arbitrary code with the privileges of the connecting user.

4 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-116-1: gzip vulnerabilities

Imran Ghory discovered a race condition in the file permission restore code of gzip and gunzip. While a user was compressing or decompressing a file, a local attacker with write permissions in the directory of that file could replace the target file with a hard link. This would cause gzip to restore the file permissions to the hard link…

4 May 2005 | ubuntu-5.04, ubuntu-4.10