These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-70-1: Perl DBI module vulnerability

Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit Project discovered that the module DBI::ProxyServer in Perl’s DBI library created a PID file in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking a program using this module (like ‘dbiproxy’). Now…

26 January 2005 | ubuntu-4.10

USN-69-1: Evolution vulnerability

Max Vozeler discovered an integer overflow in camel-lock-helper. An user-supplied length value was not validated, so that a value of -1 caused a buffer allocation of 0 bytes; this buffer was then filled by an arbitrary amount of user-supplied data. A local attacker or a malicious POP3 server could exploit this to execute arbitrary code with root…

24 January 2005 | ubuntu-4.10

USN-68-1: enscript vulnerabilities

Erik Sj�lund discovered several vulnerabilities in enscript which could cause arbitrary code execution with the privileges of the user calling enscript. Quotes and other shell escape characters in titles and file names were not handled in previous versions. (CAN-2004-1184) Previous versions supported reading EPS data not only from a file,…

24 January 2005 | ubuntu-4.10

USN-67-1: Squid vulnerabilities

infamous41md discovered several Denial of Service vulnerabilities in squid. A malicious Gopher server could crash squid by sending a line bigger than 4096 bytes. (CAN-2005-0094) If squid is configured to send WCPP (Web Cache Communication Protocol) messages to a “home router”, an attacker who was able to send UDP packets with a forged source…

21 January 2005 | ubuntu-4.10

USN-66-1: PHP vulnerabilities

FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory. Stefano Di Paola discovered a vulnerability in PHP’s shmop_write() function. Its “offset”…

21 January 2005 | ubuntu-4.10

USN-65-1: Apache utility script vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that the “check_forensic” script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

20 January 2005 | ubuntu-4.10

USN-64-1: xpdf, CUPS vulnerabilities

A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges. The…

19 January 2005 | ubuntu-4.10

USN-63-1: MySQL client vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that the “mysqlaccess” program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

19 January 2005 | ubuntu-4.10

USN-62-1: imagemagick vulnerability

Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user’s privileges. Since ImageMagick can be used in custom printing systems, this…

19 January 2005 | ubuntu-4.10

USN-61-1: vim vulnerabilities

Javier Fern�ndez-Sanguino Pe�a noticed that the auxillary scripts “tcltags” and “vimspell.sh” created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script (either by calling it directly or by execution through vim).

19 January 2005 | ubuntu-4.10