These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-107-1: racoon vulnerability

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number…

6 April 2005 | ubuntu-4.10

USN-106-1: Gaim vulnerabilities

Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965) Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of…

5 April 2005 | ubuntu-4.10

USN-105-1: PHP4 vulnerabilities

Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses the format-specific internal functions php_handle_iff() and php_handle_jpeg(), which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image…

5 April 2005 | ubuntu-4.10

USN-104-1: unshar vulnerability

Joey Hess discovered that “unshar” created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

4 April 2005 | ubuntu-4.10

USN-103-1: Linux kernel vulnerabilities

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable…

1 April 2005 | ubuntu-4.10

USN-102-1: shar vulnerabilities

Shaun Colley discovered a buffer overflow in “shar” that was triggered by output files (specified with -o) with names longer than 49 characters. This could be exploited to run arbitrary attacker-specified code on systems that automatically process uploaded files with shar. Ulf Harnhammar discovered that shar does not check the data…

29 March 2005 | ubuntu-4.10

USN-101-1: telnet vulnerabilities

A buffer overflow was discovered in the telnet client’s handling of the LINEMODE suboptions. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i.e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client….

29 March 2005 | ubuntu-4.10

USN-100-1: cdrecord vulnerability

Javier Fernández-Sanguino Peña noticed that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), this could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking…

24 March 2005 | ubuntu-4.10

USN-99-2: Fixed php4 packages for USN-99-1

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath() function (CAN-2004-1064). However, this caused severe regressions: some applications like SquirrelMail and Gallery did not work any more, and the…

24 March 2005 | ubuntu-4.10

USN-99-1: PHP4 vulnerabilities

Stefano Di Paola discovered integer overflows in PHP’s pack() and unpack() functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. (CAN-2004-1018) Note: The second part of CAN-2004-1018 (buffer overflow in the shmop_write() function) was already fixed…

18 March 2005 | ubuntu-4.10