These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-228-1: curl library vulnerability

Stefan Esser discovered several buffer overflows in the handling of URLs. By attempting to load an URL with a specially crafted invalid hostname, a local attacker could exploit this to execute arbitrary code with the privileges of the application that uses the cURL library. It is not possible to trick cURL into loading a malicious URL with…

13 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-222-2: Perl vulnerability

USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory: Jack Louis of Dyad Security discovered that Perl did not sufficiently check…

13 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-227-1: xpdf vulnerabilities

infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS…

12 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-226-1: Courier vulnerability

Patrick Cheong Shu Yang discovered a flaw in the user account handling of courier-authdaemon. After successful authorization, the Courier mail server granted access to deactivated accounts.

10 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-225-1: Apache 2 vulnerability

A memory leak was found in the Apache 2 ‘worker’ module in the handling of aborted TCP connections. By repeatedly triggering this situation, a remote attacker could drain all available memory, which eventually led to a Denial of Service.

7 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-224-1: Kerberos vulnerabilities

Ga�l Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468) Ga�l Delalleau discovered a buffer overflow in the…

6 December 2005 | ubuntu-5.04, ubuntu-4.10

USN-180-2: MySQL 4.1 vulnerability

USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable against the same flaw. Please note that this package is not officially supported in Ubuntu 5.10. Origial advisory: “AppSecInc Team SHATTER discovered a buffer overflow in the “CREATE FUNCTION” statement. By specifying a specially…

5 December 2005 | ubuntu-5.10

USN-223-1: Inkscape vulnerability

Javier Fern�ndez-Sanguino Pe�a discovered that Inkscape’s ps2epsi.sh script, which converts PostScript files to Encapsulated PostScript format, creates a temporary file in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running Inkscape.

5 December 2005 | ubuntu-5.04

USN-222-1: Perl vulnerability

Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the…

2 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-221-1: racoon vulnerability

The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon…

1 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10