Ubuntu Security Notice USN-244-1 - Multiple Linux kernel vulnerabilities.
e96f47154ea507f1faed9c56fa4cfe5cbd84ece1d44d6f96c2a1e958a73e01a1Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.
137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1Ubuntu Security Notice USN-218-1 - Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632).
186205740c073a6c3a2123b8b2b81ee862292ac19e01abb4acb5c901ee7951e5Ubuntu Security Notice USN-217-1 - A buffer overflow has been discovered in the SVG importer of Inkscape. By tricking an user into opening a specially crafted SVG image this could be exploited to execute arbitrary code with the privileges of the Inkscape user.
8cad225daf417b8629396e73ffb925a33dbee577c4002c58f3df767d93220abcUbuntu Security Notice USN-190-2 - USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucs-snmp implementation (which is used by the Cyrus email server).
71f0daa8f76924288d470abcd943995a73a608b6cc3c2eafde32a49b0775a60fUbuntu Security Notice USN-151-4 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib.
1b544a04d39a8e0c1931a5d95ffca15fa1c6e2f736889f0d0e654b9062a98680Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.
6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8feUbuntu Security Notice USN-214-1 - Chris Evans discovered several buffer overflows in the libungif library. By tricking an user (or automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif.
ccbe3257524d3fdb082a6e5a23209acfa63fb1f6a865fc10270711e1b6b6c566Ubuntu Security Notice USN-210-1 - A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.
e8c7ce7d86f898ba4ab2ed0d8d231d930fc18255b947d73a0f13e9fe292e29c2Ubuntu Security Notice USN-208-1 - An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user.
b24947e48e021abe6262e9d8879719d4f81e60d88671e9c6d9843103b15efe52Ubuntu Security Notice USN-207-1 - A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.
c852c01ceef1f4598383b83e3061e4f73f06ed53f1c9dbf279fb79d5d0054245Ubuntu Security Notice USN-206-1 - Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.
4b6361b06b6efcaf52522e3904afc75117232a9f7bf5c7fb14936353de5f181dUbuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.
33d74febe976b92e71fbcce56756131cfefa799708b336adad778a3b248b3a90Ubuntu Security Notice USN-192-1 - Mike Diggins discovered a remote Denial of Service vulnerability in Squid. Sending specially crafted NTML authentication requests to Squid caused the server to crash.
6351468586402308f11c910517aa06ab3eea37233a1683741efe82c0e6114fb0Ubuntu Security Notice USN-191-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user.
ed9a1f90290852ec941b8400ffd304b53a92ab16b5dddd72f4560488188de3efUbuntu Security Notice USN-190-1 - A remote Denial of Service has been discovered in the SNMP (Simple Network Management Protocol) library. If a SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets.
7531bc6af03f4213812828668652a4c671c3d299d4de0befe4fc3f627af2c9b2Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)
6c020b860f3162b5c142afd08d7d2ed80874cb3d6613efa8875483bac869d12aiUbuntu Security Notice USN-188-1 - Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.
01e1e78f8d01e887963d5567608c06a38b95c46065fb9fc107226f520f9b148bUbuntu Security Notice USN-181-1 - Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird). By tricking an user to click on a Hyperlink with a specially crafted destination URL, a remote attacker could crash the application. It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been confirmed.
3b223821c2ce5a857a5b2f633896042c055216b8d5f8278366f84df4cab5d47fUbuntu Security Notice USN-182-1 - A local privilege escalation vulnerability has been discovered in the pixmap allocation handling of the X server. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap. This resulted in a buffer overflow which could eventually be exploited to execute arbitrary code with full root privileges.
df061683391f3f8fa82ddbd8ec3b3729ebd73d7587534f98ab8e2debcc7fff0dUbuntu Security Notice USN-179-1 - The current default algorithm for creating message digests (electronic signatures) for certificates created by openssl is MD5. However, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid certification authority signature even if he does not know the secret CA signing key. Therefore all Ubuntu versions of openssl have now been changed to use SHA-1 by default.
edbc843d8f4af43ca289e0bf680fcdd3e70200689c88d4a50069328b0e77b252Ubuntu Security Notice USN-178-1 - Multiple vulnerabilities have been found in the Linux kernel.
2f0fd595f238d26a62b0368e060a1fcc836633e325931c70013e97e930fff457Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.
f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0Ubuntu Security Notice USN-176-1 - Ilja van Sprundel discovered a flaw in the lock file handling of kcheckpass. A local attacker could exploit this to execute arbitrary code with root privileges.
b419e916d6eaef50b8207c2fddbe8550191cd454338f309985dd513d0f2b8933Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).
4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed