These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-112-1: PHP4 vulnerabilities

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4’s EXIF module. EXIF tags with a specially crafted “Image File Directory” (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042) The same module also contained a Denial of…

14 April 2005 | ubuntu-4.10

USN-111-1: Squid vulnerability

A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash.

14 April 2005 | ubuntu-4.10

USN-110-1: Linux kernel vulnerabilities

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to a user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file…

11 April 2005 | ubuntu-4.10

USN-109-1: MySQL vulnerability

USN-32-1 fixed a database privilege escalation vulnerability; original advisory text: “If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)” Recently a corner case was discovered where this…

6 April 2005 | ubuntu-4.10

USN-108-1: GDK vulnerability

Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free()’ed twice, leading to a crash of the application. However, it is believed that this cannot be exploited to execute…

6 April 2005 | ubuntu-4.10

USN-107-1: racoon vulnerability

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number…

6 April 2005 | ubuntu-4.10

USN-106-1: Gaim vulnerabilities

Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965) Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of…

5 April 2005 | ubuntu-4.10

USN-105-1: PHP4 vulnerabilities

Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image…

5 April 2005 | ubuntu-4.10

USN-104-1: unshar vulnerability

Joey Hess discovered that “unshar” created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

4 April 2005 | ubuntu-4.10

USN-103-1: Linux kernel vulnerabilities

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable…

1 April 2005 | ubuntu-4.10