These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS 
or the Atom feeds.
Latest notices
USN-3957-2: MariaDB vulnerabilities
USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…
23 May 2019 | ubuntu-14.04-esm
USN-3977-2: Intel Microcode update
USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai…
22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm
USN-3993-2: curl vulnerability
USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of…
22 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm
USN-3993-1: curl vulnerabilities
Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving…
22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3992-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
22 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts
USN-3566-2: PHP vulnerabilities
USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783) It was discovered that PHP incorrectly handled certain…
22 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm
USN-3991-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks,…
21 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3990-1: urllib3 vulnerabilities
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters…
21 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3989-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
21 May 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3985-2: libvirt update
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Ă–sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural…
16 May 2019 | ubuntu-14.04-esm
Releases
- ubuntu 8.04 LTS
- ubuntu 6.06 LTS
- ubuntu 19.04
- ubuntu 18.10
- ubuntu 18.04 LTS
- ubuntu 17.10
- ubuntu 17.04
- ubuntu 16.10
- ubuntu 16.04 LTS
- ubuntu 15.10
- ubuntu 15.04
- ubuntu 14.10
- ubuntu 14.04 LTS
- ubuntu 14.04 ESM
- ubuntu 13.10
- ubuntu 13.04
- ubuntu 12.10
- ubuntu 12.04 LTS
- ubuntu 12.04 ESM
- ubuntu 11.10
- ubuntu 11.04
- ubuntu 10.10
- ubuntu 10.04 LTS
- ubuntu 9.10
- ubuntu 9.04
- ubuntu 8.10
- ubuntu 7.10
- ubuntu 7.04
- ubuntu 6.10
- ubuntu 5.10
- ubuntu 5.04
- ubuntu 4.10