These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4162-2: Linux kernel (Azure) vulnerabilities

USN-4162-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a…

23 October 2019 | ubuntu-14.04-esm

USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities

USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free…

23 October 2019 | ubuntu-14.04-esm

USN-4164-1: Libxslt vulnerabilities

It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue not affected Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118) It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to execute arbitrary…

22 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4163-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux…

22 October 2019 | ubuntu-16.04-lts

USN-4162-1: Linux kernel vulnerabilities

It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell…

22 October 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4157-2: Linux kernel (HWE) vulnerabilities

USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a…

22 October 2019 | ubuntu-18.04-lts

USN-4161-1: Linux kernel vulnerability

It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

21 October 2019 | ubuntu-19.10

USN-4160-1: UW IMAP vulnerability

It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.

21 October 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4159-1: Exiv2 vulnerability

It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

21 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4155-2: Aspell vulnerability

USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. Original advisory details: It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.

21 October 2019 | ubuntu-19.10