These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4196-1: python-ecdsa vulnerabilities

It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853) It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use…

18 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4195-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features,…

18 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4194-1: postgresql-common vulnerability

Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

14 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4193-1: Ghostscript vulnerability

Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

14 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4192-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

14 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4191-2: QEMU vulnerabilities

USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej…

14 November 2019 | ubuntu-14.04-esm

USN-4191-1: QEMU vulnerabilities

It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon W├Ârner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a…

14 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4186-3: Linux kernel vulnerability

USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…

13 November 2019 | ubuntu-16.04-lts

USN-4185-3: Linux kernel vulnerability and regression

USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update…

13 November 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4183-2: Linux kernel vulnerability

USN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian…

13 November 2019 | ubuntu-19.10