These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3906-2: LibTIFF vulnerabilities

USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker…

18 March 2019 | ubuntu-12.04-esm

USN-3911-1: file vulnerabilities

It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

18 March 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3910-1: Linux kernel vulnerabilities

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A…

15 March 2019 | ubuntu-16.04-lts

USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly….

15 March 2019 | ubuntu-14.04-lts

USN-3909-1: libvirt vulnerability

It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service.

14 March 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3908-2: Linux kernel (Trusty HWE) vulnerability

USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to…

13 March 2019 | ubuntu-12.04-esm

USN-3908-1: Linux kernel vulnerability

Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.

12 March 2019 | ubuntu-14.04-lts

USN-3902-2: PHP vulnerabilities

USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020,…

12 March 2019 | ubuntu-12.04-esm

USN-3907-1: WALinuxAgent vulnerability

It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file.

12 March 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3906-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

12 March 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts