These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices
USN-4214-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
5 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-14.04-esm
USN-4213-1: Squid vulnerabilities
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-12523) Jeriko One discovered that Squid incorrectly handled URN…
4 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-4212-1: HAProxy vulnerability
Tim Düsterhus discovered that HAProxy incorrectly handled certain HTTP/2 headers. An attacker could possibly use this issue to execute arbitrary code through CRLF injection.
4 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts
USN-4182-4: Intel Microcode regression
USN-4182-2 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro…
4 December 2019 | ubuntu-14.04-esm
USN-4182-3: Intel Microcode regression
USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro…
4 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-4194-2: postgresql-common vulnerability
USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.
3 December 2019 | ubuntu-14.04-esm
USN-4207-1: GraphicsMagick vulnerabilities
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
3 December 2019 | ubuntu-18.04-lts
USN-4211-2: Linux kernel (Xenial HWE) vulnerabilities
USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could…
3 December 2019 | ubuntu-14.04-esm
USN-4211-1: Linux kernel vulnerabilities
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could…
3 December 2019 | ubuntu-16.04-lts
USN-4210-1: Linux kernel vulnerabilities
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nicolas Waisman discovered that the WiFi driver stack in the Linux…
3 December 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts