These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-151-3: zlib vulnerabilities

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages have been rebuilt against the fixed zlib.

29 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-213-1: sudo vulnerability

Tavis Ormandy discovered a privilege escalation vulnerability in sudo. On executing shell scripts with sudo, the “P4” and “SHELLOPTS” environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user. Updated packags for Ubuntu…

28 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-212-1: libgda2 vulnerability

Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

28 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-211-1: Enigmail vulnerability

Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user’s keyring contained a key with an empty user id (i. e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key…

20 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-210-1: netpbm vulnerability

A buffer overflow was found in the “pnmtopng” conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

18 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-209-1: SSH server vulnerability

An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user. Please note that this does not…

18 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-208-1: graphviz vulnerability

Javier Fern�ndez-Sanguino Pe�a discovered that the “dotty” tool created and used temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running dotty.

17 October 2005 | ubuntu-5.04

USN-207-1: PHP vulnerability

A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash (‘/’). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to…

17 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-206-1: Lynx vulnerability

Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges…

17 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-205-1: Curl and wget vulnerabilities

A buffer overflow has been found in the NTLM authentication handler of the Curl library and wget. By tricking an user or automatic system that uses the Curl library, the curl application, or wget into visiting a specially-crafted web site, a remote attacker could exploit this to execute arbitrary code with the privileges of the calling user. The…

14 October 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10