These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-148-1: zlib vulnerability

Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client…

6 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-147-1: PHP XMLRPC vulnerability

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web server’s privileges. In Ubuntu 5.04 (Hoary…

5 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-146-1: Ruby vulnerability

Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server.

29 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-145-1: wget vulnerabilities

Jan Minar discovered a path traversal vulnerability in wget. If the name “..” was a valid host name (which can be achieved with a malicious or poisoned domain name server), it was possible to trick wget into creating downloaded files into arbitrary locations with arbitrary names. For example, wget could silently overwrite the users ~/.bashrc and…

28 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-144-1: dbus vulnerability

Besides providing the global system-wide communication bus, dbus also offers per-user “session” buses which applications in an user’s session can create and use to communicate with each other. Daniel Reed discovered that the default configuration of the session dbus allowed a local user to connect to another user’s session bus if its address was…

28 June 2005 | ubuntu-4.10

USN-143-1: Linux amd64 kernel vulnerabilities

A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted (“non-canonical”) addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762) ZouNanHai discovered that a local user could hang the kernel by invoking…

27 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-142-1: sudo vulnerability

Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command “ALL”, that user could execute arbitrary commands with sudo by creating symbolic links at a certain time. Please note…

21 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-141-1: tcpdump vulnerability

It was discovered that certain invalid BGP packets triggered an infinite loop in tcpdump, which caused tcpdump to stop working. This could be abused by a remote attacker to bypass tcpdump analysis of network traffic.

21 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-140-1: Gaim vulnerability

A remote Denial of Service vulnerability was discovered in Gaim. A remote attacker could crash the Gaim client of an MSN user by sending a specially crafted MSN package which states an invalid body length in the header.

15 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-139-1: Gaim vulnerability

A remote Denial of Service vulnerability was discovered in Gaim. By initiating a file transfer with a file name containing certain international characters (like an accented “a”), a remote attacker could crash the Gaim client of an arbitrary Yahoo IM member.

10 June 2005 | ubuntu-5.04, ubuntu-4.10