Latest notices

USN-3936-2: AdvanceCOMP vulnerability

USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. Original advisory details: It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.

23 April 2019 | ubuntu-19.04

USN-3922-2: PHP vulnerabilities

USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-9022) It was discovered that PHP incorrectly handled certain files. An attacker could…

23 April 2019 | ubuntu-14.04-lts

USN-3953-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

23 April 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3952-1: Pacemaker vulnerabilities

Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-16877) Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service….

23 April 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3951-1: Dovecot vulnerability

It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

23 April 2019 | ubuntu-19.04, ubuntu-18.10

USN-3950-1: ZNC vulnerability

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

18 April 2019 | ubuntu-18.10

USN-3914-2: NTFS-3G update

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. Original advisory details: A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute…

17 April 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3918-4: Firefox regressions

USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an…

16 April 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3949-1: OpenJDK 11 vulnerability

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422) Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11….

16 April 2019 | ubuntu-18.04-lts

USN-3948-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

16 April 2019 | ubuntu-18.10, ubuntu-18.04-lts