These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-56-1: exim4 vulnerabilities

A flaw has been found in the host_aton() function, which can overflow a buffer if it is presented with an illegal IPv6 address that has more than 8 components. When supplying certain command line parameters, the input was not checked, so that a local attacker could possibly exploit the buffer overflow to run arbitrary code with the privileges of…

7 January 2005 | ubuntu-4.10

USN-55-1: imlib2 vulnerabilities

Recently, Pavel Kankovsky discovered several buffer overflows in imlib which were fixed in USN-53-1. It was found that imlib2 was vulnerable to similar issues. If an attacker tricked a user into loading a malicious XPM or BMP image, he could exploit this to execute arbitrary code in the context of the user opening the image. These…

7 January 2005 | ubuntu-4.10

USN-54-1: TIFF library tool vulnerability

Dmitry V. Levin discovered a buffer overflow in the “tiffdump” utility. If an attacker tricked a user into processing a malicious TIFF image with tiffdump, they could cause a buffer overflow which at least causes the program to crash. However, it is not entirely clear whether this can be exploited to execute arbitrary code with the privileges of…

7 January 2005 | ubuntu-4.10

USN-53-1: imlib vulnerabilities

Pavel Kankovsky discovered several buffer overflows in imlib. If an attacker tricked a user into loading a malicious image, he could exploit this to execute arbitrary code in the context of the user opening the image.

29 December 2004 | ubuntu-4.10

USN-52-1: vim vulnerability

Ciaran McCreesh found several vulnerabilities related to the use of options in Vim modeline commands, such as ‘termcap’, ‘printdevice’, ‘titleold’, ‘filetype’, ‘syntax’, ‘backupext’, ‘keymap’, ‘patchmode’, and ‘langmenu’. If an attacker tricked an user to open a file with a specially crafted modeline, he could exploit this to execute arbitrary…

23 December 2004 | ubuntu-4.10

USN-51-1: teTeX auxiliary script vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that “xdvizilla”, an auxiliary script to integrate DVI file viewing in Mozilla-based browsers, created temporary files and directories in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

23 December 2004 | ubuntu-4.10

USN-50-1: CUPS vulnerabilities

CAN-2004-1125: The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF file for printing, he could be able to…

23 December 2004 | ubuntu-4.10

USN-49-1: debmake vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

23 December 2004 | ubuntu-4.10

USN-48-1: xpdf, tetex-bin vulnerabilities

A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges. The tetex-bin package…

23 December 2004 | ubuntu-4.10

USN-47-1: Linux kernel vulnerabilities

Georgi Guninski discovered two Denial of Service vulnerabilities in the Linux kernel. An integer overflow in the vc_resize() function caused the memory allocation for the new screen being too short, thus causing a buffer overflow and a kernel crash. There was also a memory leak in the ip_options_get() function. Calling ip_cmsg_send() very often…

23 December 2004 | ubuntu-4.10