Latest notices

USN-3691-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and…

21 June 2018 | ubuntu-14.04-lts

USN-3690-1: AMD Microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H…

20 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3689-2: Libgcrypt vulnerability

USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.

19 June 2018 | ubuntu-12.04-esm

USN-3688-1: Spidermonkey vulnerabilities

Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

19 June 2018 | ubuntu-18.04-lts, ubuntu-17.10

USN-3689-1: Libgcrypt vulnerability

Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.

19 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3675-3: GnuPG vulnerability

USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a…

18 June 2018 | ubuntu-12.04-esm

USN-3687-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

18 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts

USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator…

15 June 2018 | ubuntu-18.04-lts

USN-3675-2: GnuPG 2 vulnerability

USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting…

15 June 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3686-1: file vulnerabilities

Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of…

14 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts