These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-41-1: Samba vulnerability

Greg MacManus discovered an integer overflow in Samba’s smbd daemon. Requesting a very large number of access control descriptors from the server caused an integer overflow, which resulted in a memory allocation being too short, thus causing a buffer overflow. By sending carefully crafted data, an attacker could exploit this to execute arbitrary…

18 December 2004 | ubuntu-4.10

USN-40-1: PHP vulnerabilities

Stefan Esser reported several buffer overflows in PHP’s variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter’s privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia Alshanetsky discovered a buffer overflow in…

17 December 2004 | ubuntu-4.10

USN-39-1: Linux amd64 kernel vulnerability

USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain…

17 December 2004 | ubuntu-4.10

USN-38-1: Linux kernel vulnerabilities

CAN-2004-0814: Vitaly V. Bursov discovered a Denial of Service vulnerability in the “serio” code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means…

15 December 2004 | ubuntu-4.10

USN-37-1: cyrus21-imapd vulnerability

Recently another buffer overflow has been discovered in the SASL authentication module of the Cyrus IMAP server. An off-by-one comparison error in the mysasl_canon_user() function could lead to a missing termination of an user name string. This vulnerability could allow remote, attacker-supplied machine code to be executed in the context of the…

2 December 2004 | ubuntu-4.10

USN-36-1: NFS statd vulnerability

SGI discovered a remote Denial of Service vulnerability in the NFS statd server. statd did not ignore the “SIGPIPE” signal which caused it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.

1 December 2004 | ubuntu-4.10

USN-35-1: imagemagick vulnerabilities

Markus Meissner discovered several potential buffer overflows in some image decoding functions of ImageMagick. Decoding a malicious BMP or DIB image or AVI video might result in execution of arbitrary code with the user’s privileges. Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute…

1 December 2004 | ubuntu-4.10

USN-34-1: OpenSSH information leakage

@Mediaservice.net discovered two information leaks in the OpenSSH server. When using password authentication, an attacker could test whether a login name exists by measuring the time between failed login attempts, i. e. the time after which the “password:” prompt appears again. A similar issue affects systems which do not allow root logins…

30 November 2004 | ubuntu-4.10

USN-33-1: libgd vulnerabilities

CAN-2004-0990 described several buffer overflows which had been discovered in libgd’s PNG handling functions. Another update is required because the update from USN-21-1 was not sufficient to prevent every possible attack. If an attacker tricks a user into loading a malicious PNG or XPM image, they could leverage this into executing arbitrary…

30 November 2004 | ubuntu-4.10

USN-32-1: mysql vulnerabilities

Several vulnerabilities have been discovered in the MySQL database server. Lukasz Wojtow discovered a potential buffer overflow in the function mysql_real_connect(). A malicious name server could send specially crafted DNS packages which might result in execution of arbitrary code with the database server’s privileges. However, it is believed…

25 November 2004 | ubuntu-4.10