These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS
or the Atom
feeds.
Latest notices
USN-3848-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a…
20 December 2018 | ubuntu-14.04-lts
USN-3849-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this…
20 December 2018 | ubuntu-12.04-esm
USN-3849-1: Linux kernel vulnerabilities
It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2647) It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local…
20 December 2018 | ubuntu-14.04-lts
USN-3848-1: Linux kernel vulnerabilities
It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18174) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local…
20 December 2018 | ubuntu-16.04-lts
USN-3847-3: Linux kernel (Azure) vulnerabilities
USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local…
20 December 2018 | ubuntu-14.04-lts
USN-3847-2: Linux kernel (HWE) vulnerabilities
USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A…
20 December 2018 | ubuntu-16.04-lts
USN-3847-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers…
20 December 2018 | ubuntu-18.04-lts
USN-3846-1: Linux kernel vulnerability
It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).
20 December 2018 | ubuntu-18.10
USN-3845-1: FreeRDP vulnerabilities
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly…
12 December 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3844-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492,…
11 December 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
Releases
- ubuntu 18.10
- ubuntu 18.04 LTS
- ubuntu 17.10
- ubuntu 17.04
- ubuntu 16.10
- ubuntu 16.04 LTS
- ubuntu 15.10
- ubuntu 15.04
- ubuntu 14.10
- ubuntu 14.04 LTS
- ubuntu 13.10
- ubuntu 13.04
- ubuntu 12.10
- ubuntu 12.04 LTS
- ubuntu 11.10
- ubuntu 11.04
- ubuntu 10.10
- ubuntu 10.04 LTS
- ubuntu 9.10
- ubuntu 9.04
- ubuntu 8.10
- ubuntu 8.04 LTS
- ubuntu 7.10
- ubuntu 7.04
- ubuntu 6.10
- ubuntu 6.06 LTS
- ubuntu 5.10
- ubuntu 5.04
- ubuntu 4.10