These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-211-1: Enigmail vulnerability

Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user’s keyring contained a key with an empty user id (i. e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key…

20 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-210-1: netpbm vulnerability

A buffer overflow was found in the “pnmtopng” conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

18 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-209-1: SSH server vulnerability

An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user. Please note that this does not…

18 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-208-1: graphviz vulnerability

Javier Fern�ndez-Sanguino Pe�a discovered that the “dotty” tool created and used temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running dotty.

17 October 2005 | ubuntu-5.04

USN-207-1: PHP vulnerability

A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash (‘/’). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to…

17 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-206-1: Lynx vulnerability

Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges…

17 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-205-1: Curl and wget vulnerabilities

A buffer overflow has been found in the NTLM authentication handler of the Curl library and wget. By tricking an user or automatic system that uses the Curl library, the curl application, or wget into visiting a specially-crafted web site, a remote attacker could exploit this to execute arbitrary code with the privileges of the calling user. The…

14 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-204-1: SSL library vulnerability

Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them. The…

14 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-203-1: Abiword vulnerabilities

Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

13 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-202-1: KOffice vulnerability

Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially-crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

12 October 2005 | ubuntu-5.04