These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-66-1: PHP vulnerabilities

FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory. Stefano Di Paola discovered a vulnerability in PHP’s shmop_write() function. Its “offset”…

21 January 2005 | ubuntu-4.10

USN-65-1: Apache utility script vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that the “check_forensic” script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

20 January 2005 | ubuntu-4.10

USN-64-1: xpdf, CUPS vulnerabilities

A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges. The…

19 January 2005 | ubuntu-4.10

USN-63-1: MySQL client vulnerability

Javier Fern�ndez-Sanguino Pe�a noticed that the “mysqlaccess” program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

19 January 2005 | ubuntu-4.10

USN-62-1: imagemagick vulnerability

Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user’s privileges. Since ImageMagick can be used in custom printing systems, this…

19 January 2005 | ubuntu-4.10

USN-61-1: vim vulnerabilities

Javier Fern�ndez-Sanguino Pe�a noticed that the auxillary scripts “tcltags” and “vimspell.sh” created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the script (either by calling it directly or by execution through vim).

19 January 2005 | ubuntu-4.10

USN-60-0: Linux kernel vulnerabilities

CAN-2005-0001: Paul Starzetz discovered a race condition in the Linux page fault handler code. This allowed an unprivileged user to gain root privileges on multiprocessor machines under some circumstances. This also affects the Hyper-Threading mode on Pentium 4…

14 January 2005 | ubuntu-4.10

USN-59-1: mailman vulnerabilities

Florian Weimer discovered a cross-site scripting vulnerability in mailman’s automatically generated error messages. An attacker could craft an URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page. When an unsuspecting user followed this URL, the malicious content was copied unmodified to the error…

11 January 2005 | ubuntu-4.10

USN-58-1: MIT Kerberos server vulnerability

Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy’s history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with…

10 January 2005 | ubuntu-4.10

USN-57-1: Linux kernel vulnerabilities

Paul Starzetz discovered a race condition in the ELF library and a.out binary format loaders, which can be locally exploited in several different ways to gain root privileges. (CAN-2004-1235) Liang Bin found a design flaw in the capability module. After this module was loaded on demand in a running system, all unprivileged user space processes…

9 January 2005 | ubuntu-4.10