These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS 
or the Atom feeds.
Latest notices
USN-3770-2: Little CMS vulnerabilities
USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Pedro Ribeiro discoreved that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-4276) Ibrahim El-Sayed discovered that…
20 September 2018 | ubuntu-12.04-esm
USN-3770-1: Little CMS vulnerabilities
Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165) Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435)
20 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3769-1: Bind vulnerability
It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.
20 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3766-2: PHP vulnerabilities
USN-3766-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851,…
19 September 2018 | ubuntu-12.04-esm
USN-3767-2: GLib vulnerabilities
USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428) It was discovered that GLib…
19 September 2018 | ubuntu-12.04-esm
USN-3768-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
19 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3767-1: GLib vulnerabilities
It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428) It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429)
19 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3722-6: ClamAV vulnerabilities
USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this…
18 September 2018 | ubuntu-12.04-esm
USN-3766-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker…
18 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3722-5: ClamAV regression
USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this…
18 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
Releases
- ubuntu 18.04 LTS
- ubuntu 17.10
- ubuntu 17.04
- ubuntu 16.10
- ubuntu 16.04 LTS
- ubuntu 15.10
- ubuntu 15.04
- ubuntu 14.10
- ubuntu 14.04 LTS
- ubuntu 13.10
- ubuntu 13.04
- ubuntu 12.10
- ubuntu 12.04 LTS
- ubuntu 11.10
- ubuntu 11.04
- ubuntu 10.10
- ubuntu 10.04 LTS
- ubuntu 9.10
- ubuntu 9.04
- ubuntu 8.10
- ubuntu 8.04 LTS
- ubuntu 7.10
- ubuntu 7.04
- ubuntu 6.10
- ubuntu 6.06 LTS
- ubuntu 5.10
- ubuntu 5.04
- ubuntu 4.10