These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3817-1: Python vulnerabilities

It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running…

13 November 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3811-2: SpamAssassin vulnerability

USN-3811-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705)

13 November 2018 | ubuntu-12.04-esm

USN-3814-3: ClamAV vulnerabilities

USN-3814-2 fixed several vulnerabilities in clamav. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered ClamAV incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-18584,…

13 November 2018 | ubuntu-12.04-esm

USN-3814-2: ClamAV vulnerabilities

USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash,…

13 November 2018 | ubuntu-14.04-lts

USN-3816-1: systemd vulnerabilities

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially…

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3815-2: gettext vulnerability

USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

12 November 2018 | ubuntu-12.04-esm

USN-3815-1: gettext vulnerability

It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3814-1: libmspack vulnerabilities

It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585)

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3813-1: pyOpenSSL vulnerabilities

It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000807) It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12…

8 November 2018 | ubuntu-16.04-lts

USN-3812-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled…

7 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts