These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-115-1: Kommander vulnerability

Eckhart W�rner discovered that Kommander opens files from remote and possibly untrusted locations without user confirmation. Since Kommander files can contain scripts, this would allow an attacker to execute arbitrary code with the privileges of the user opening the file. The updated Kommander will not automatically open files from…

4 May 2005 | ubuntu-5.04

USN-114-1: kimgio vulnerability

Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio. If an attacker tricked a user into loading a malicious PCX image with a KDE application, he could exploit this to execute arbitrary code with the privileges of the user opening the image.

3 May 2005 | ubuntu-5.04

USN-113-1: libnet-ssleay-perl vulnerability

Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content. The updated package requires the…

3 May 2005 | ubuntu-5.04

USN-112-1: PHP4 vulnerabilities

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4’s EXIF module. EXIF tags with a specially crafted “Image File Directory” (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042) The same module also contained a Denial of…

14 April 2005 | ubuntu-4.10

USN-111-1: Squid vulnerability

A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash.

14 April 2005 | ubuntu-4.10

USN-110-1: Linux kernel vulnerabilities

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file…

11 April 2005 | ubuntu-4.10

USN-109-1: MySQL vulnerability

USN-32-1 fixed a database privilege escalation vulnerability; original advisory text: “If a user was granted privileges to a database with a name containing an underscore (”_“), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)” Recently a corner case was discovered where this…

6 April 2005 | ubuntu-4.10

USN-108-1: GDK vulnerability

Matthias Clasen discovered a Denial of Service vulnerability in the BMP image module of gdk. Processing a specially crafted BMP image with an application using gdk-pixbuf caused an allocated memory block to be free()‘ed twice, leading to a crash of the application. However, it is believed that this cannot be exploited to execute…

6 April 2005 | ubuntu-4.10

USN-107-1: racoon vulnerability

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number…

6 April 2005 | ubuntu-4.10

USN-106-1: Gaim vulnerabilities

Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965) Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of…

5 April 2005 | ubuntu-4.10