USN-813-1: apr vulnerability

Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application...

USN-811-1: Firefox and Xulrunner vulnerability

Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL...

USN-810-2: NSPR update

USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cau...

USN-810-1: NSS vulnerabilities

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via application crash or execute arbitrary code as the user invoking the program. CVE-2009-2404 Moxie...

USN-808-1: Bind vulnerability

Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service...

USN-807-1: Linux kernel vulnerabilities

Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially crafted traffic that would crash the system or potentially grant elevated privileges. CVE-2009-1389 Julien Tinnes and Tavis Ormandy...

USN-806-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS...

USN-798-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-2462,...

USN-805-1: Ruby vulnerabilities

It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. CVE-2009-0642 It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and...

USN-804-1: PulseAudio vulnerability

Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges...

USN-803-1: dhcp vulnerability

It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service...

USN-802-1: Apache vulnerabilities

It was discovered that modproxyhttp did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. CVE-2009-1890 It was...

USN-801-1: tiff vulnerability

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program...

USN-800-1: irssi vulnerability

It was discovered that irssi did not properly check the length of strings when processing WALLOPS messages. If a user connected to an IRC network where an attacker had IRC operator privileges, a remote attacker could cause a denial of service...

USN-799-1: D-Bus vulnerability

It was discovered that the D-Bus library did not correctly validate signatures. If a local user sent a specially crafted D-Bus key, they could spoof a valid signature and bypass security policies...

USN-796-1: Pidgin vulnerability

Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash...

USN-797-1: tiff vulnerability

It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service...

USN-795-1: Nagios vulnerability

It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server...

USN-794-1: Perl vulnerability

It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service...

USN-793-1: Linux kernel vulnerabilities

Igor Zhbanov discovered that NFS clients were able to create device nodes even when rootsquash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected...

USN-782-1: Thunderbird vulnerabilities

Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

USN-792-1: OpenSSL vulnerabilities

It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. CVE-2009-1377 It was discovered that...

USN-791-2: Moodle vulnerability

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy...

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

USN-791-3: Smarty vulnerability

It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user...

USN-790-1: Cyrus SASL vulnerability

James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service...

USN-789-1: GStreamer Good Plugins vulnerability

Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code...

USN-788-1: Tomcat vulnerabilities

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. CVE-2008-5515 Yoshihito Fukuyama discovered that Tomcat did not properly handle error...

USN-779-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-1392,...

USN-787-1: Apache vulnerabilities

Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using modapreq2. This issue only affected Ubuntu 6.06 LTS. CVE-2009-0023 Sande...

USN-786-1: apr-util vulnerabilities

Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using modapreq2. Applications using libapreq2 are also affected. CVE-2009-0023 It was discovered tha...

USN-775-2: Quagga regression

USN-775-1 fixed vulnerabilities in Quagga. The preventative fixes introduced in Quagga prior to Ubuntu 9.04 could result in BGP service failures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the BGP service in Quagga did not...

USN-785-1: ipsec-tools vulnerabilities

It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. CVE-2009-1574 It was discovered that ipsec-tools did not properly handle memory usage when verifying certifica...

USN-784-1: ImageMagick vulnerability

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

USN-783-1: eCryptfs vulnerability

Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk,...

USN-781-2: Gaim vulnerabilities

It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code wit...

USN-781-1: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code...

USN-780-1: CUPS vulnerability

Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service...

USN-778-1: cron vulnerability

It was discovered that cron did not properly check the return code of the setgid and initgroups system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid check referred to ...

USN-777-1: Ntp vulnerabilities

A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-0159 Chris Ries...

USN-776-2: KVM regression

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered...

USN-775-1: Quagga vulnerability

It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. An authenticated remote attacker could exploit this flaw to cause bgpd to abort, leading to a denial of service...

USN-776-1: KVM vulnerabilities

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. CVE-2008-1945, CVE-2008-2004 Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly...

USN-774-1: MoinMoin vulnerability

It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting XSS vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could...

USN-773-1: Pango vulnerability

Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges...

USN-772-1: MPFR vulnerability

It was discovered that MPFR improperly handled string lengths in its print routines. If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of th...

USN-771-1: libmodplug vulnerabilities

It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. CVE-2009-1438 Manfred...

USN-770-1: ClamAV vulnerability

A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user. This update attempts to repair the incorrect ownership for standard system directories, but it is recommended that the following command be perform...

USN-769-1: libwmf vulnerability

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user...

USN-768-1: Apport vulnerability

Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system...