These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-339-1: OpenSSL vulnerability

Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

5 September 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-338-1: MySQL vulnerabilities

Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the function’s definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the definer of that function. (CVE-2006-4227) Peter…

5 September 2006 | ubuntu-6.06-lts

USN-337-1: imagemagick vulnerability

Damian Put discovered a buffer overflow in imagemagick’s SGI file format decoder. By tricking a user or automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user’s privileges.

17 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-336-1: binutils vulnerability

A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user’s privileges.

17 August 2006 | ubuntu-5.10, ubuntu-5.04

USN-335-1: heartbeat vulnerability

Yan Rong Ge discovered that heartbeat did not sufficiently verify some packet input data, which could lead to an out-of-boundary memory access. A remote attacker could exploit this to crash the daemon (Denial of Service).

16 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-334-1: krb5 vulnerabilities

Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and…

16 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-333-1: libwmf vulnerability

An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user’s privileges.

9 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-332-1: gnupg vulnerability

Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user’s privileges if an attacker can trick a user into processing a malicious encrypted/signed document with gnupg.

3 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04

USN-331-1: Linux kernel vulnerabilities

A denial of service vulnerability was reported in iptables’ SCTP conntrack module. On computers which use this iptables module, a remote attacker could exploit this to trigger a kernel crash. (CVE-2006-2934) A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or…

3 August 2006 | ubuntu-6.06-lts

USN-330-1: tiff vulnerabilities

Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking a user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application’s privileges. This library is used in many client and…

3 August 2006 | ubuntu-6.06-lts, ubuntu-5.10, ubuntu-5.04