These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-82-1: Linux kernel vulnerabilities

CAN-2004-0176: Michael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user …

15 February 2005 | ubuntu-4.10

USN-81-1: iptables vulnerability

Faheem Mitha noticed that the “iptables” command did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup.

11 February 2005 | ubuntu-4.10

USN-80-1: mod_python vulnerability

Graham Dumpleton discovered an information disclosure in the “publisher” handle of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible.

11 February 2005 | ubuntu-4.10

USN-79-1: PostgreSQL vulnerabilities

The execution of custom PostgreSQL functions can be restricted with the EXECUTE privilege. However, previous versions did not check this privilege when executing a function which was part of an aggregate. As a result, any database user could circumvent the EXECUTE restriction of functions with a particular (but very common) parameter structure…

11 February 2005 | ubuntu-4.10

USN-78-1: Mailman vulnerability

An path traversal vulnerability has been discovered in the “private” module of Mailman. A flawed path sanitation algorithm allowed the construction of URLS to arbitrary files readable by Mailman. This allowed a remote attacker to retrieve configuration and password databases, private list archives, and other files.

10 February 2005 | ubuntu-4.10

USN-77-1: Squid vulnerabilities

A possible authentication bypass was discovered in the LDAP authentication backend. LDAP ignores leading and trailing whitespace in search filters. This could possibly be abused to bypass explicit access controls or confuse accounting when using several variants of the login name. (CAN-2005-0173) Previous Squid versions were not strict enough…

8 February 2005 | ubuntu-4.10

USN-76-1: Emacs vulnerability

Max Vozeler discovered a format string vulnerability in the “movemail” utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the “mail” group (since “movemail” is installed as “setgid mail”).

7 February 2005 | ubuntu-4.10

USN-74-2: Fixed Postfix packages for USN-74-1

This is an update to the recently published Ubuntu Security Notice USN-74-1, which fixed the delivery of arbitrary mail to any MX host which has an IPv6 address. Unfortunately that upgrade revealed an error in the package upgrade system which caused package installation to fail. After the failed upgrade the Postfix server was not started again,…

5 February 2005 | ubuntu-4.10

USN-75-1: cpio vulnerability

Recently it was discovered that cpio created world-writeable files when used in -o/–create mode with giving an output file (with -O). This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed in a very old version of cpio, but the fix was…

4 February 2005 | ubuntu-4.10

USN-74-1: Postfix vulnerability

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/if_inet6 is not available (which is the case in Ubuntu since Postfix runs in a chroot). If “permit_mx_backup” was enabled in the “smtpd_recipient_restrictions”, Postfix turned into an open relay, i. e. erroneously permitted the delivery of…

4 February 2005 | ubuntu-4.10