These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-314-1: samba vulnerability

The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render…

13 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-316-1: installer vulnerability

Iwan Pieterse discovered that, if you select “Go Back” at the final message displayed by the alternate or server CD installer (“Installation complete”) and then continue with the installation from the installer’s main menu, the root password is left blank rather than locked. This was due to an error while clearing out the root password from…

13 July 2006 | ubuntu-6.06-lts

USN-313-1: OpenOffice.org vulnerabilities

It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user’s privileges. (CVE-2006-2198) A flaw was…

12 July 2006 | ubuntu-6.06-lts, ubuntu-5.04

USN-311-1: Linux kernel vulnerabilities

A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you…

11 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-312-1: gimp vulnerability

Henning Makholm discovered that gimp did not sufficiently validate the ‘num_axes’ parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user’s privileges.

10 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-310-1: ppp vulnerability

Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local…

6 July 2006 | ubuntu-6.06-lts, ubuntu-5.10

USN-309-1: libmms vulnerability

Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program. In Ubuntu 5.10, this affects the GStreamer MMS plugin (gstreamer0.8-mms). Other Ubuntu…

6 July 2006 | ubuntu-5.10

USN-308-1: shadow vulnerability

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges. This does not affect the default…

6 July 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-307-1: mutt vulnerability

TAKAHASHI Tamotsu discovered that mutt’s IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.

28 June 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-306-1: MySQL 4.1 vulnerability

MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server.

27 June 2006 | ubuntu-5.10