These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3977-2: Intel Microcode update

USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai…

22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-3993-2: curl vulnerability

USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of…

22 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-3993-1: curl vulnerabilities

Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving…

22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3992-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts

USN-3566-2: PHP vulnerabilities

USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783) It was discovered that PHP incorrectly handled certain…

22 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-3991-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks,…

21 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3990-1: urllib3 vulnerabilities

It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters…

21 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3989-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 May 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3985-2: libvirt update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…

16 May 2019 | ubuntu-14.04-esm

USN-3988-1: MediaInfo vulnerabilities

It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.

16 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts