These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-466-1: freetype vulnerability

Victor Stinner discovered that freetype did not correctly verify the number of points in a TrueType font. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with user privileges.

30 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-465-1: PulseAudio vulnerability

Luigi Auriemma discovered multiple flaws in pulseaudio’s network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.

25 May 2007 | ubuntu-7.04

USN-464-1: Linux kernel vulnerabilities

Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. (CVE-2007-1357) Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verifiy option values for…

24 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-463-1: vim vulnerability

Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.

23 May 2007 | ubuntu-7.04, ubuntu-6.10

USN-462-1: PHP vulnerabilities

A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509) Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially…

22 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-460-2: Samba regression

USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the “force group” option no longer behaved correctly. This update corrects the problem. We apologize for the inconvenience. Original advisory details: Paul Griffith and Andrew Hogue…

22 May 2007 | ubuntu-7.04

USN-459-2: pptpd regression

USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially…

21 May 2007 | ubuntu-6.06-lts

USN-436-2: KTorrent vulnerability

USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. This update solves the problem. Original advisory details: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent…

18 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-461-1: Quagga vulnerability

It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.

17 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts

USN-460-1: Samba vulnerabilities

Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. (CVE-2007-2444) Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker…

16 May 2007 | ubuntu-7.04, ubuntu-6.10, ubuntu-6.06-lts