These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-192-1: Squid vulnerability

Mike Diggins discovered a remote Denial of Service vulnerability in Squid. Sending specially crafted NTML authentication requests to Squid caused the server to crash.

1 October 2005 | ubuntu-5.04, ubuntu-4.10

USN-191-1: unzip vulnerability

Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user.

30 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-190-1: SNMP vulnerability

A remote Denial of Service has been discovered in the SMNP (Simple Network Management Protocol) library. If a SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets.

30 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-189-1: cpio vulnerabilities

Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CAN-2005-1111) Imran Ghory discovered a path traversal vulnerability. Even when…

29 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-188-1: AbiWord vulnerability

Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

29 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-187-1: Linux kernel vulnerabilities

A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault exceptions under special circumstances (scheduling), which lead to a kernel crash. (CAN-2005-1767) Vasiliy Averin discovered a Denial of Service vulnerability in the “tiocgdev” ioctl call and in the…

25 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-186-2: Ubuntu 4.10 packages for USN-186-1 Firefox security update

USN-186-1 fixed several vulnerabilities in the Firefox browser for Ubuntu 5.04. This update provides fixed packages for Ubuntu 4.10, which was vulnerable to the same issues. The original advisory is available at http://www.ubuntu.com/usn/usn-186-1

25 September 2005 | ubuntu-4.10

USN-186-1: Mozilla and Firefox vulnerabilities

Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the…

23 September 2005 | ubuntu-5.04, ubuntu-4.10

USN-185-1: CUPS vulnerability

A flaw was detected in the printer access control list checking in the CUPS server. Printer names were compared in a case sensitive manner; by modifying the capitalization of printer names, a remote attacker could circumvent ACLs and print to printers he should not have access to. The Ubuntu 5.04 version of cupsys is not vulnerable against this.

20 September 2005 | ubuntu-4.10

USN-184-1: umount vulnerability

David Watson discovered that “umount -r” removed some restrictive mount options like the “nosuid” flag. If /etc/fstab contains user-mountable removable devices which specify the “nosuid” flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling “umount -r” on…

19 September 2005 | ubuntu-5.04, ubuntu-4.10