These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-128-1: nasm vulnerability

Josh Bressers discovered a buffer overflow in the ieee_putascii() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.

18 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-127-1: bzip2 vulnerabilities

Imran Ghory discovered a race condition in the file permission restore code of bunzip2. While a user was decompressing a file, a local attacker with write permissions in the directory of that file could replace the target file with a hard link. This would cause bzip2 to restore the file permissions to the hard link target instead of to the bzip2…

17 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-126-1: GNU TLS library vulnerability

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not…

13 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-125-1: Gaim vulnerabilities

Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967) Stu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a…

13 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-124-2: Fixed packages for USN-124-1

USN-124-1 fixed several vulnerabilities in Firefox. After that update, several users experienced XML errors on various actions like adding bookmarks (see https://bugzilla.ubuntu.com/show_bug.cgi?id=10643). After installing these new packages and restarting the browser, these problems should be fixed.

13 May 2005 | ubuntu-5.04

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to automatically install and execute arbitrary code with…

11 May 2005 | ubuntu-5.04

USN-123-1: Xine library vulnerabilities

Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user into connecting to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the…

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-122-1: Squid vulnerability

Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error. This could lead to wider access permissions than intended by the administrator.

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-121-1: OpenOffice.org vulnerability

The StgCompObjStream::Load() function failed to check the validity of a length field in documents. If an attacker tricked a user into opening a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document. The update for Ubuntu 5.04 (Hoary Hedgehog) also…

6 May 2005 | ubuntu-5.04, ubuntu-4.10

USN-120-1: Apache 2 vulnerability

Luca Ercoli discovered that the “htdigest” program did not perform any bounds checking when it copied the “user” and “realm” arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.

6 May 2005 | ubuntu-5.04, ubuntu-4.10