These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-151-2: zlib vulnerabilities

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the “zlib1g” package; however, some packages contain copies of the affected zlib code, so they need to be upgraded…

23 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-152-1: PAM/NSS LDAP vulnerabilitiy

Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master.

21 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-151-1: zlib vulnerability

USN-148-1 fixed an improver input verification of zlib (CAN-2005-2096). Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so this vulnerability could be exploited to cause…

21 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-150-1: KDE library vulnerability

Kate and Kwrite create a backup file before saving a modified file. These backup files were created with default permissions, even if the original file had more strict permissions set, so that other local users could possibly read the backup file even if they are not permitted to read the original file.

21 July 2005 | ubuntu-5.04

USN-149-1: Firefox vulnerabilities reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. (CAN-2005-1937) In several places the browser user interface did not correctly distinguish between true user events,…

21 July 2005 | ubuntu-5.04

USN-147-2: Fixed php4-pear packages for USN-147-1

USN-147-1 [1] fixed a remote code execution vulnerability in the XMLRPC module of the PEAR library. Unfortunately the packages announced in USN-147-1 were faulty and shipped broken xmlrpc modules. The updated packages ship correct modules. We apologize for the inconvenience. [1]

6 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-148-1: zlib vulnerability

Tavis Ormandy discovered that zlib did not properly verify data streams. Decompressing certain invalid compressed files caused corruption of internal data structures, which caused applications which link to zlib to crash. Specially crafted input might even have allowed arbitrary code execution. zlib is used by hundreds of server and client…

6 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-147-1: PHP XMLRPC vulnerability

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web server’s privileges. In Ubuntu 5.04 (Hoary…

5 July 2005 | ubuntu-5.04, ubuntu-4.10

USN-146-1: Ruby vulnerability

Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server.

29 June 2005 | ubuntu-5.04, ubuntu-4.10

USN-145-1: wget vulnerabilities

Jan Minar discovered a path traversal vulnerability in wget. If the name “..” was a valid host name (which can be achieved with a malicious or poisoned domain name server), it was possible to trick wget into creating downloaded files into arbitrary locations with arbitrary names. For example, wget could silently overwrite the users ~/.bashrc and…

28 June 2005 | ubuntu-5.04, ubuntu-4.10