It was discovered that the GnuTLS certificate verification methods
implemented in Curl did not check for expiration and activation dates.
When performing validations, tools using libcurl3-gnutls would
incorrectly allow connections to sites using expired certificates.
Peter Johannes Holzer discovered that the Net::DNS Perl module had
predictable sequence numbers. This could allow remote attackers to
carry out DNS spoofing, leading to possible man-in-the-middle attacks.
John Heasman discovered that OpenOffice did not correctly validate the
sizes of tags in RTF documents. If a user were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges.
Multiple vulnerabilities were found in ImageMagick's handling of DCM and
WXD image files. By tricking a user into processing a specially crafted
image with an application that uses imagemagick, an attacker could
execute arbitrary code with the user's privileges.
Stefan Cornelius discovered that Gimp could miscalculate the size of heap
buffers when processing PSD images. By tricking a user into opening a
specially crafted PSD file with Gimp, an attacker could exploit this to
execute arbitrary code with the user's privileges.
Philip Van Hoof discovered that the IMAP client in Evolution did not
correctly verify the SEQUENCE value. A malicious or spoofed server
could exploit this to execute arbitrary code with user privileges.
Wei Wang discovered that the krb5 RPC library did not correctly handle
certain error conditions. A remote attacker could cause kadmind to free
an uninitialized pointer, leading to a denial of service or possibly
execution of arbitrary code with root privileges.
Multiple flaws in the MadWifi driver were discovered that could lead
to a system crash. A physically near-by attacker could generate
specially crafted wireless network traffic and cause a denial of
service.
Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages. A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.
Sean Larsson discovered that libexif did not correctly verify the size of
EXIF components. By tricking a user into opening an image with specially
crafted EXIF headers, a remote attacker could cause the application
using libexif to execute arbitrary code with user privileges.
It was discovered that xscreensaver did not correctly validate the
return values from network authentication systems such as LDAP or NIS.
A local attacker could bypass a locked screen if they were able to
interrupt network connectivity.
A buffer overflow was discovered in libgd2's font renderer. By tricking
an application using libgd2 into rendering a specially crafted string
with a JIS encoded font, a remote attacker could read heap memory or
crash the application, leading to a denial of service. (CVE-2007-0455)
Xavier Roche discovered that libgd2 did not correctly validate PNG
callback results. If an application were tricked into processing a
specially crafted PNG image, it would monopolize CPU resources.
USN-439-1 fixed a vulnerability in file. The original fix did not
fully solve the problem. This update provides a more complete solution.
Jean-Sebastien Guay-Leroux discovered that "file" did not correctly
check the size of allocated heap memory. If a user were tricked into
examining a specially crafted file with the "file" utility, a remote
attacker could execute arbitrary code with user privileges.
Victor Stinner discovered that libexif did not correctly validate the
size of some EXIF header fields. By tricking a user into opening an
image with specially crafted EXIF headers, a remote attacker could cause
the application using libexif to crash, resulting in a denial of service.
USN-464-1 fixed several vulnerabilities in the Linux kernel. Some
additional code changes were accidentally included in the Feisty update
which caused trouble for some people who were not using UUID-based
filesystem mounts. These changes have been reverted. We apologize for
the inconvenience. For more information see:
https://launchpad.net/bugs/117314
https://wiki.ubuntu.com/UsingUUID
It was discovered that Gimp did not correctly handle RAS image format
color tables. By tricking a user into opening a specially crafted RAS
file with Gimp, an attacker could exploit this to execute arbitrary code
with the user's privileges.
Victor Stinner discovered that freetype did not correctly verify the
number of points in a TrueType font. If a user were tricked into using
a specially crafted font, a remote attacker could execute arbitrary code
with user privileges.
Luigi Auriemma discovered multiple flaws in pulseaudio's network
processing code. If an unauthenticated attacker sent specially crafted
requests to the pulseaudio daemon, it would crash, resulting in a denial
of service.
Philipp Richter discovered that the AppleTalk protocol handler did
not sufficiently verify the length of packets. By sending a crafted
AppleTalk packet, a remote attacker could exploit this to crash the
kernel.
