These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-47-1: Linux kernel vulnerabilities

Georgi Guninski discovered two Denial of Service vulnerabilities in the Linux kernel. An integer overflow in the vc_resize() function caused the memory allocation for the new screen being too short, thus causing a buffer overflow and a kernel crash. There was also a memory leak in the ip_options_get() function. Calling ip_cmsg_send() very often…

23 December 2004 | ubuntu-4.10

USN-46-1: TIFF library vulnerability

A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of “directory entry” header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would have resulted in execution of arbitrary code with the…

22 December 2004 | ubuntu-4.10

USN-45-1: nasm vulnerability

Jonathan Rockway discovered a locally exploitable buffer overflow in the error() function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm.

22 December 2004 | ubuntu-4.10

USN-44-1: perl information leak

A race condition and possible information leak has been discovered in Perl’s File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition…

21 December 2004 | ubuntu-4.10

USN-43-1: groff utility vulnerabilities

Javier Fern�ndez-Sanguino Pe�a discovered that the auxiliary scripts “eqn2graph” and “pic2graph” created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.

21 December 2004 | ubuntu-4.10

USN-42-1: Xine library vulnerabilities

Several buffer overflows have been discovered in xine-lib, the video/audio codec library for Xine frontends (xine-ui, totem-xine, kaffeine, and others). If an attacker tricked a user into loading a malicious RTSP stream or a stream with specially crafted AIFF audio or PNM image data, they could exploit this to execute arbitrary code with the…

21 December 2004 | ubuntu-4.10

USN-41-1: Samba vulnerability

Greg MacManus discovered an integer overflow in Samba’s smbd daemon. Requesting a very large number of access control descriptors from the server caused an integer overflow, which resulted in a memory allocation being too short, thus causing a buffer overflow. By sending carefully crafted data, an attacker could exploit this to execute arbitrary…

18 December 2004 | ubuntu-4.10

USN-40-1: PHP vulnerabilities

Stefan Esser reported several buffer overflows in PHP’s variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter’s privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia Alshanetsky discovered a buffer overflow in…

17 December 2004 | ubuntu-4.10

USN-39-1: Linux amd64 kernel vulnerability

USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain…

17 December 2004 | ubuntu-4.10

USN-38-1: Linux kernel vulnerabilities

CAN-2004-0814: Vitaly V. Bursov discovered a Denial of Service vulnerability in the “serio” code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means…

15 December 2004 | ubuntu-4.10