These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-32-1: mysql vulnerabilities

Several vulnerabilities have been discovered in the MySQL database server. Lukasz Wojtow discovered a potential buffer overflow in the function mysql_real_connect(). A malicious name server could send specially crafted DNS packages which might result in execution of arbitrary code with the database server’s privileges. However, it is believed…

25 November 2004 | ubuntu-4.10

USN-31-1: cyrus21-imapd vulnerabilities

Stefan Esser discovered several buffer overflows in the Cyrus IMAP server. Due to insufficient checking within the argument parser of the “partial” and “fetch” commands, an argument like “body[p” was detected as “body.peek”. This could cause a buffer overflow which could be exploited to execute arbitrary attacker-supplied code. This update also…

24 November 2004 | ubuntu-4.10

USN-30-1: Linux kernel vulnerabilities

CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers of the connected Samba server. This…

19 November 2004 | ubuntu-4.10

USN-29-1: samba vulnerability

During an audit of the Samba 3.x code base Stefan Esser discovered a Unicode file name buffer overflow within the handling of TRANSACT2_QFILEPATHINFO replies. A malicious samba user with write access to a share could exploit this by creating specially crafted path names (files with very long names containing Unicode characters) that would overflow…

18 November 2004 | ubuntu-4.10

USN-28-1: sudo vulnerability

Liam Helmer discovered an input validation flaw in sudo. When the standard shell “bash” starts up, it searches the environment for variables with a value beginning with “()”. For each of these variables a function with the same name is created, with the function body filled in from the environment variable’s value. A malicious user with sudo…

18 November 2004 | ubuntu-4.10

USN-27-1: libxpm4 vulnerability

Chris Evans discovered several stack overflows in the versions of libXpm shipped by X.Org, XFree86, and LessTif. These overflows were fixed in the Warty development tree before its release. Mathieu Herrb of OpenBSD subsequently discovered that the original patch was insufficient to address these overflows, and thus the version of libxpm4 shipped…

18 November 2004 | ubuntu-4.10

USN-26-1: bogofilter vulnerability

Antti-Juhani Kaijanaho discovered a Denial of Service vulnerability in bogofilter. The quoted-printable decoder handled certain Base-64 encoded strings in an invalid way which caused a buffer overflow and an immediate program abort. The exact impact depends on the way bogofilter is integrated into the system. In common setups, the mail that…

17 November 2004 | ubuntu-4.10

USN-25-1: libgd2 vulnerability

CAN-2004-0990 described several more buffer overflows which had been discovered in libgd2’s PNG handling functions. However, it was determined that the update from USN-11-1 was not sufficient to prevent every possible attack, so another update is required. If an attacker tricked a user into loading a malicious PNG image, they could leverage this…

16 November 2004 | ubuntu-4.10

USN-24-1: openssl script vulnerability

Recently, Trustix Secure Linux discovered a vulnerability in the openssl package. The auxiliary script “der_chop” created temporary files in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

12 November 2004 | ubuntu-4.10

USN-23-1: apache2 vulnerability

Chintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts of memory, which can render the service unavailable.

12 November 2004 | ubuntu-4.10