These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-440-1: MySQL vulnerability

Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using “ORDER BY” could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermittent denial of service.

22 March 2007 | ubuntu-6.10, ubuntu-6.06-lts

USN-439-1: file vulnerability

Jean-Sebastien Guay-Leroux discovered that “file” did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the “file” utility, a remote attacker could execute arbitrary code with user privileges.

22 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-438-1: Inkscape vulnerability

A flaw was discovered in Inkscape’s use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges.

21 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-437-1: libwpd vulnerability

Sean Larsson of iDefense Labs discovered that libwpd was vulnerable to integer overflows. If a user were tricked into opening a specially crafted WordPerfect document with an application that used libwpd, an attacker could execute arbitrary code with user privileges.

19 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-432-2: GnuPG2, GPGME vulnerability

USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Original advisory details: Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed…

13 March 2007 | ubuntu-6.10, ubuntu-6.06-lts

USN-436-1: KTorrent vulnerabilities

Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.

13 March 2007 | ubuntu-6.10, ubuntu-6.06-lts

USN-435-1: Xine vulnerability

Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user’s privileges.

12 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-434-1: Ekiga vulnerability

It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user’s privileges.

9 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-433-1: Xine vulnerability

Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user’s privileges.

9 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10

USN-432-1: GnuPG vulnerability

Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

8 March 2007 | ubuntu-6.10, ubuntu-6.06-lts, ubuntu-5.10