Ubuntu security notices
These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS 
or the Atom feeds.
USN-1801-1: curl vulnerability - 15th April 2013
YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored ...
USN-1789-1: PostgreSQL vulnerabilities - 4th April 2013
Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. ...
USN-1785-1: poppler vulnerabilities - 2nd April 2013
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.
USN-1784-1: libxslt vulnerability - 2nd April 2013
Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.
USN-1782-1: libxml2 vulnerability - 28th March 2013
It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.
USN-1770-1: Perl vulnerability - 19th March 2013
Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.
USN-1765-1: Apache HTTP Server vulnerabilities - 18th March 2013
Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to ...
USN-1761-1: PHP vulnerability - 13th March 2013
It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server.
USN-1754-1: Sudo vulnerability - 28th February 2013
Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.
USN-1752-1: GnuTLS vulnerability - 27th February 2013
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
USN-1732-1: OpenSSL vulnerabilities - 21st February 2013
Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Stephen Henson discovered ...
USN-1717-1: PostgreSQL vulnerability - 12th February 2013
Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.
USN-1686-1: FreeType vulnerabilities - 14th January 2013
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
USN-1682-1: GnuPG vulnerability - 9th January 2013
KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.
USN-1589-2: GNU C Library regression - 17th December 2012
USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that positional arguments to the printf() family of functions were not handled properly in ...
USN-1660-1: Linux kernel vulnerability - 10th December 2012
Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in ipv6. A remote attacker could exploit this flaw to bypass firewalls and initial new network connections that should have been blocked by the firewall.
USN-1656-1: Libxml2 vulnerability - 5th December 2012
It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.
USN-1655-1: LibTIFF vulnerability - 5th December 2012
It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
USN-1654-1: CUPS vulnerability - 5th December 2012
It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.
USN-1650-1: Linux kernel vulnerability - 30th November 2012
Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
USN-1643-1: Perl vulnerabilities - 29th November 2012
It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the 'new' constructor in the Digest module is vulnerable to ...
USN-1631-1: LibTIFF vulnerabilities - 15th November 2012
It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user ...
USN-1627-1: Apache HTTP Server vulnerabilities - 8th November 2012
It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this ...
USN-1613-2: Python 2.4 vulnerabilities - 17th October 2012
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary ...
CVE-2008-5983 CVE-2010-1634 CVE-2010-2089 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-0876 CVE-2012-1148
USN-1613-1: Python 2.5 vulnerabilities - 17th October 2012
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user ...
CVE-2008-5983 CVE-2010-1634 CVE-2010-2089 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-0876 CVE-2012-1148
USN-1601-1: Bind vulnerability - 10th October 2012
Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
USN-1598-1: Linux kernel vulnerability - 9th October 2012
An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges.
USN-1595-1: libxslt vulnerabilities - 4th October 2012
Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered ...
CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2012-2893
USN-1576-2: DBus regressions - 4th October 2012
USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with ...
USN-1589-1: GNU C Library vulnerabilities - 1st October 2012
It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that ...
USN-1587-1: libxml2 vulnerability - 27th September 2012
Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
USN-1581-1: Ghostscript vulnerability - 24th September 2012
Marc Schönefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.
USN-1576-1: DBus vulnerability - 20th September 2012
Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.
USN-1570-1: GnuPG vulnerability - 17th September 2012
It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.
USN-1569-1: PHP vulnerabilities - 17th September 2012
It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to ...
USN-1566-1: Bind vulnerability - 13th September 2012
It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
USN-1546-1: libgc vulnerability - 28th August 2012
It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code.
USN-1542-1: PostgreSQL vulnerabilities - 20th August 2012
Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. (CVE-2012-3488) Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database ...
USN-1527-1: Expat vulnerabilities - 9th August 2012
It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered ...
USN-1513-1: libexif vulnerabilities - 23rd July 2012
Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2812, CVE-2012-2813) Mateusz Jurczyk discovered that ...
CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841
USN-1511-1: tiff vulnerability - 19th July 2012
Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
USN-1507-1: Linux kernel vulnerabilities - 16th July 2012
A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A ...
USN-1498-1: tiff vulnerabilities - 5th July 2012
It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) ...
USN-1493-1: Linux kernel vulnerabilities - 29th June 2012
Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. (CVE-2012-2313) Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to ...
USN-1481-1: PHP vulnerabilities - 19th June 2012
It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781) It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw ...
CVE-2012-0781 CVE-2012-1172 CVE-2012-2143 CVE-2012-2317 CVE-2012-2335 CVE-2012-2336 CVE-2012-2386
USN-1477-1: APT vulnerability - 15th June 2012
Georgi Guninski discovered that APT did not properly validate imported keyrings via apt-key net-update. USN-1475-1 added additional verification for imported keyrings, but it was insufficient. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the ...
USN-1475-1: APT update - 14th June 2012
Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions.
USN-1467-1: MySQL vulnerabilities - 11th June 2012
It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. (CVE-2012-2122) MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu ...
USN-1462-1: Bind vulnerabilities - 5th June 2012
Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw ...
USN-1461-1: PostgreSQL vulnerabilities - 5th June 2012
It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143) It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this ...