These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4289-1: Squid vulnerabilities

Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. (CVE-2019-12528) Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access…

20 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4288-1: ppp vulnerability

It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.

20 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4279-2: PHP regression

USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected…

19 February 2020 | ubuntu-16.04-lts

USN-4284-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…

19 February 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4287-2: Linux kernel (Azure) vulnerabilities

USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local…

18 February 2020 | ubuntu-14.04-esm

USN-4286-2: Linux kernel (Xenial HWE) vulnerabilities

USN-4286-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics…

18 February 2020 | ubuntu-14.04-esm

USN-4286-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically…

18 February 2020 | ubuntu-16.04-lts

USN-4287-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device…

18 February 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4285-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations,…

18 February 2020 | ubuntu-18.04-lts

USN-4283-1: QEMU vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2020-1711) It was discovered that the QEMU libslirp component…

18 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts