These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-37-1: cyrus21-imapd vulnerability

Recently another buffer overflow has been discovered in the SASL authentication module of the Cyrus IMAP server. An off-by-one comparison error in the mysasl_canon_user() function could lead to a missing termination of a user name string. This vulnerability could allow remote, attacker-supplied machine code to be executed in the context of the…

2 December 2004 | ubuntu-4.10

USN-36-1: NFS statd vulnerability

SGI discovered a remote Denial of Service vulnerability in the NFS statd server. statd did not ignore the “SIGPIPE” signal, which caused it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely.

1 December 2004 | ubuntu-4.10

USN-35-1: imagemagick vulnerabilities

Markus Meissner discovered several potential buffer overflows in some image decoding functions of ImageMagick. Decoding a malicious BMP or DIB image or AVI video might result in execution of arbitrary code with the user’s privileges. Since imagemagick can be used in custom printing systems, this also might lead to privilege escalation (execute…

1 December 2004 | ubuntu-4.10

USN-34-1: OpenSSH information leakage

Two information leaks were discovered in the OpenSSH server. When using password authentication, an attacker could test whether a login name exists by measuring the time between failed login attempts, i.e. the time after which the “password:” prompt appears again. A similar issue affects systems which do not allow root logins…

30 November 2004 | ubuntu-4.10

USN-33-1: libgd vulnerabilities

CAN-2004-0990 described several buffer overflows which had been discovered in libgd’s PNG handling functions. Another update is required because the update from USN-21-1 was not sufficient to prevent every possible attack. If an attacker tricks a user into loading a malicious PNG or XPM image, they could leverage this into executing arbitrary…

30 November 2004 | ubuntu-4.10

USN-32-1: mysql vulnerabilities

Several vulnerabilities have been discovered in the MySQL database server. Lukasz Wojtow discovered a potential buffer overflow in the function mysql_real_connect(). A malicious name server could send specially crafted DNS packets which might result in execution of arbitrary code with the database server’s privileges. However, it is believed…

25 November 2004 | ubuntu-4.10

USN-31-1: cyrus21-imapd vulnerabilities

Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the “partial” and “fetch” commands, an argument like “body[p” was detected as “body.peek”. This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code. This update also…

24 November 2004 | ubuntu-4.10

USN-30-1: Linux kernel vulnerabilities

CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered, ranging from out-of-bounds read accesses to kernel-level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers of the connected Samba server. This…

19 November 2004 | ubuntu-4.10

USN-29-1: samba vulnerability

During an audit of the Samba 3.x code base, Stefan Esser discovered a Unicode file name buffer overflow within the handling of TRANSACT2_QFILEPATHINFO replies. A malicious Samba user with write access to a share could exploit this by creating specially crafted path names (files with very long names containing Unicode characters) that would overflow…

18 November 2004 | ubuntu-4.10

USN-28-1: sudo vulnerability

Liam Helmer discovered an input validation flaw in sudo. When the standard shell “bash” starts up, it searches the environment for variables with a value beginning with “()”. For each of these variables a function with the same name is created, with the function body filled in from the environment variable’s value. A malicious user with sudo…

18 November 2004 | ubuntu-4.10