These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-230-1: ffmpeg vulnerability

Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking a user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user’s privileges.

15 December 2005 | ubuntu-5.04

USN-229-1: Zope vulnerability

Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server, or execute arbitrary Zope code.

14 December 2005 | ubuntu-5.10

USN-228-1: curl library vulnerability

Stefan Esser discovered several buffer overflows in the handling of URLs. By attempting to load a URL with a specially crafted invalid hostname, a local attacker could exploit this to execute arbitrary code with the privileges of the application that uses the cURL library. It is not possible to trick cURL into loading a malicious URL with…

13 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-222-2: Perl vulnerability

USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory: Jack Louis of Dyad Security discovered that Perl did not sufficiently check…

13 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-227-1: xpdf vulnerabilities

infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document. The CUPS…

12 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-226-1: Courier vulnerability

Patrick Cheong Shu Yang discovered a flaw in the user account handling of courier-authdaemon. After successful authorization, the Courier mail server granted access to deactivated accounts.

10 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-225-1: Apache 2 vulnerability

A memory leak was found in the Apache 2 ‘worker’ module in the handling of aborted TCP connections. By repeatedly triggering this situation, a remote attacker could drain all available memory, which eventually led to a Denial of Service.

7 December 2005 | ubuntu-5.10, ubuntu-5.04, ubuntu-4.10

USN-224-1: Kerberos vulnerabilities

Gaël Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468) Gaël Delalleau discovered a buffer overflow in the…

6 December 2005 | ubuntu-5.04, ubuntu-4.10

USN-180-2: MySQL 4.1 vulnerability

USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable to the same flaw. Please note that this package is not officially supported in Ubuntu 5.10. Original advisory: “AppSecInc Team SHATTER discovered a buffer overflow in the “CREATE FUNCTION” statement. By specifying a specially…

5 December 2005 | ubuntu-5.10

USN-223-1: Inkscape vulnerability

Javier Fernández-Sanguino Peña discovered that Inkscape’s ps2epsi.sh script, which converts PostScript files to Encapsulated PostScript format, creates a temporary file in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running Inkscape.

5 December 2005 | ubuntu-5.04