Category Archives: Security

[USN-897-1] MySQL vulnerabilities

The following security announcement applies to mysql-server. If you have mysql-server installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options… Read More »

[USN-894-1] Linux kernel vulnerabilities

The following security announcement applies to linux-image. If you have linux-image installed, please see below for details on the vulnerability and instructions on patching your system: ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all… Read More »

[USN-892-1] FUSE vulnerability

The following security announcement applies to fuse-utils. If you have fuse-utils installed, please see below for details on the vulnerability and instructions on patching your system: Ronald Volgers discovered that FUSE did not correctly check mount locations.  A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.… Read More »

[USN-893-1] Samba vulnerability

The following security announcement applies to smbfs. If you have smbfs installed, please see below for details on the vulnerability and instructions on patching your system: Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into… Read More »

[USN-891-1] lintian vulnerabilities

The following security announcement applies to lintian. If you have lintian installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that lintian did not correctly validate certain filenames when processing input.  If a user or an automated system were tricked into running lintian on a specially… Read More »

[USN-803-2] Dhcp vulnerability

The following security announcement applies to dhcp-client. If you have dhcp-client installed, please see below for details on the vulnerability and instructions on patching your system: USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch… Read More »

[USN-890-4] PyXML vulnerabilities

The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly… Read More »

[USN-890-2] Python 2.5 vulnerabilities

The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered… Read More »

[USN-890-1] Expat vulnerabilities

The following security announcement applies to Expat. If you have Expat installed, please see below for details on the vulnerability and instructions on patching your system: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a… Read More »