These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team.

USN-90-1: ImageMagick vulnerability

Tavis Ormandy discovered a format string vulnerability in ImageMagick’s file name handling. Specially crafted file names could cause a program using ImageMagick to crash, or possibly even cause execution of arbitrary code. Since ImageMagick can be used in custom printing systems, this also might lead to privilege escalation (execute code with the…

3 March 2005 | ubuntu-4.10

USN-89-1: XML library vulnerabilities

Several buffer overflows have been discovered in libxml’s FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml. This does not affect the core XML parsing code, which is what the majority of programs use this library…

28 February 2005 | ubuntu-4.10

USN-88-1: reportbug information disclosure

Rolf Leggewie discovered two information disclosure bugs in reportbug. The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory. reportbug usually includes the settings from ~/.reportbugrc in generated bug…

28 February 2005 | ubuntu-4.10

USN-87-1: Cyrus IMAP server vulnerability

Sean Larsson discovered a buffer overflow in the IMAP “annotate” extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server.

28 February 2005 | ubuntu-4.10

USN-86-1: cURL vulnerability

infamous41md discovered a buffer overflow in cURL’s NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker-specified code with the privileges of the application using the cURL library.

28 February 2005 | ubuntu-4.10

USN-85-1: Gaim vulnerabilities

The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. (CAN-2005-0208, CAN-2005-0473) Another lack of sufficient input validation was found in the “Oscar” protocol handler which is used for ICQ and AIM. By…

26 February 2005 | ubuntu-4.10

USN-84-1: Squid vulnerabilities

When parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way. This could allow remote attackers to bypass intended ACLs. (CAN-2005-0194) A remote Denial of Service vulnerability was discovered in the domain name resolution code. A faulty or malicious DNS…

21 February 2005 | ubuntu-4.10

USN-66-2: PHP vulnerability

Ubuntu Security Notice USN-66-1 described a circumvention of the “open_basedir” restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed this restriction to be bypassed with certain variants of path specifications. In addition, this update fixes the crash of the PHP interpreter if curl_init() was called…

17 February 2005 | ubuntu-4.10

USN-78-2: Fixed mailman packages for USN-78-1

Ubuntu Security Announce USN-78-1 described a path traversal vulnerability in the “private” module of Mailman. Unfortunately this updated mailman package was broken so that the “private” module could not be executed at all any more. The latest package version fixes this. We apologize for the inconvenience. For reference, this is the description…

17 February 2005 | ubuntu-4.10

USN-83-1: LessTif 2 vulnerabilities

Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image. Ubuntu does not contain any server applications…

16 February 2005 | ubuntu-4.10