These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4017-1: Linux kernel vulnerabilities

Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) Jonathan Looney discovered that an integer overflow existed in the Linux kernel…

17 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4017-2: Linux kernel vulnerabilities

USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment…

17 June 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-3991-3: Firefox regression

USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were…

14 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4015-2: DBus vulnerability

USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers…

12 June 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4016-2: Neovim vulnerability

It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735)

11 June 2019 | ubuntu-19.04, ubuntu-18.10

USN-4016-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735)

11 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4015-1: DBus vulnerability

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.

11 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4014-2: GLib vulnerability

USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

11 June 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4014-1: GLib vulnerability

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

10 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4013-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 June 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts