Latest notices

USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities

It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not…

28 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3756-1: Intel Microcode vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)….

27 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3755-1: GD vulnerabilities

It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222) It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711)

27 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A…

24 August 2018 | ubuntu-14.04-lts

USN-3752-2: Linux kernel (HWE) vulnerabilities

USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the…

24 August 2018 | ubuntu-16.04-lts

USN-3754-1: Linux kernel vulnerabilities

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that an information disclosure vulnerability existed in the…

24 August 2018 | ubuntu-14.04-lts

USN-3753-1: Linux kernel vulnerabilities

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the…

24 August 2018 | ubuntu-16.04-lts

USN-3752-1: Linux kernel vulnerabilities

It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not…

24 August 2018 | ubuntu-18.04-lts

USN-3751-1: Spice vulnerability

It was discovered that Spice incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.

22 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3750-1: Pango vulnerability

Jeffrey M. discovered that Pango incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

22 August 2018 | ubuntu-18.04-lts