These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3675-3: GnuPG vulnerability

USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a…

18 June 2018 | ubuntu-12.04-esm

USN-3687-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

18 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts

USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that the 802.11 software simulator…

15 June 2018 | ubuntu-18.04-lts

USN-3675-2: GnuPG 2 vulnerability

USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting…

15 June 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3686-1: file vulnerabilities

Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of…

14 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3685-1: Ruby vulnerabilities

Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) It was discovered that Ruby incorrectly handled certain files. An attacker could use this…

13 June 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3684-2: Perl vulnerability

USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

13 June 2018 | ubuntu-12.04-esm

USN-3684-1: Perl vulnerability

It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.

13 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3683-1: Bind vulnerability

Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn’t specified. This issue could improperly permit recursion to all clients, contrary to expectations.

13 June 2018 | ubuntu-18.04-lts

USN-3682-1: Firefox vulnerability

A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

12 June 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts