These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3595-2: Samba vulnerability

USN-3595-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service.

23 March 2018 | ubuntu-12.04-esm

USN-3605-1: Sharutils vulnerability

It was discovered that Sharutils incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

22 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3604-1: libvorbis vulnerability

Richard Zhu discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause libvorbis to crash, resulting in a denial of service, or possibly execute arbitrary code.

22 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3603-2: Paramiko vulnerability

USN-3603-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Matthijs Kooijman discovered that Paramiko’s SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to…

20 March 2018 | ubuntu-12.04-esm

USN-3603-1: Paramiko vulnerability

Matthijs Kooijman discovered that Paramiko’s SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code.

20 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3602-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

20 March 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3601-1: Memcached vulnerability

It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service.

19 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3600-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712) It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct…

19 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3599-1: Firefox vulnerability

An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)

16 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3598-1: curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-1000120) Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of…

15 March 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts