These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4109-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480) It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service….

21 August 2019 | ubuntu-18.04-lts

USN-4108-1: Zstandard vulnerability

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

21 August 2019 | ubuntu-18.04-lts

USN-4107-1: GIFLIB vulnerabilities

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of…

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4106-1: NLTK vulnerability

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4105-1: CUPS vulnerabilities

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675) It was discovered that CUPS did not properly handle client disconnection events. A local attacker…

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4104-1: Nova vulnerability

Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4103-2: Docker vulnerability

Jasiel Spelman discovered that a double free existed in the docker-credential- helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker…

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4103-1: docker-credential-helpers vulnerability

Jasiel Spelman discovered that a double free existed in docker-credential- helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

19 August 2019 | ubuntu-19.04

USN-4078-2: OpenLDAP vulnerabilities

USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another…

19 August 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4102-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were…

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts