These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-77-1: Squid vulnerabilities

A possible authentication bypass was discovered in the LDAP authentication backend. LDAP ignores leading and trailing whitespace in search filters. This could possibly be abused to bypass explicit access controls or confuse accounting when using several variants of the login name. (CAN-2005-0173) Previous Squid versions were not strict enough…

8 February 2005 | ubuntu-4.10

USN-76-1: Emacs vulnerability

Max Vozeler discovered a format string vulnerability in the “movemail” utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the “mail” group (since “movemail” is installed as “setgid mail”).

7 February 2005 | ubuntu-4.10

USN-74-2: Fixed Postfix packages for USN-74-1

This is an update to the recently published Ubuntu Security Notice USN-74-1, which fixed the delivery of arbitrary mail to any MX host which has an IPv6 address. Unfortunately that upgrade revealed an error in the package upgrade system which caused package installation to fail. After the failed upgrade the Postfix server was not started again,…

5 February 2005 | ubuntu-4.10

USN-75-1: cpio vulnerability

Recently it was discovered that cpio created world-writeable files when used in -o/–create mode with giving an output file (with -O). This allowed any user to modify the created cpio archives. Now cpio respects the current umask setting of the user. Note: This vulnerability has already been fixed in a very old version of cpio, but the fix was…

4 February 2005 | ubuntu-4.10

USN-74-1: Postfix vulnerability

Jean-Samuel Reynaud noticed a programming error in the IPv6 handling code of Postfix when /proc/net/if_inet6 is not available (which is the case in Ubuntu since Postfix runs in a chroot). If “permit_mx_backup” was enabled in the “smtpd_recipient_restrictions”, Postfix turned into an open relay, i. e. erroneously permitted the delivery of…

4 February 2005 | ubuntu-4.10

USN-73-1: Python vulnerability

The Python developers discovered a flaw in the SimpleXMLRPCServer module. Python XML-RPC servers that used the register_instance() method to register an object, but do not have a dispatch() method, allowed remote users to access or change function internals using the im* and func_* attributes.

4 February 2005 | ubuntu-4.10

USN-72-1: Perl vulnerabilities

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package “perl-suid” provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to overwrite arbitrary files by setting the PERLIO_DEBUG…

2 February 2005 | ubuntu-4.10

USN-71-1: PostgreSQL vulnerability

John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library’s initialisation function was then executed with the permissions of the server. Now the use of LOAD is restricted to the database superuser…

1 February 2005 | ubuntu-4.10

USN-70-1: Perl DBI module vulnerability

Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit Project discovered that the module DBI::ProxyServer in Perl’s DBI library created a PID file in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking a program using this module (like ‘dbiproxy’). Now…

26 January 2005 | ubuntu-4.10

USN-69-1: Evolution vulnerability

Max Vozeler discovered an integer overflow in camel-lock-helper. An user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root…

24 January 2005 | ubuntu-4.10