These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS 
or the Atom feeds.
Latest notices
USN-3817-1: Python vulnerabilities
It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running…
13 November 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3811-2: SpamAssassin vulnerability
USN-3811-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705)
13 November 2018 | ubuntu-12.04-esm
USN-3814-3: ClamAV vulnerabilities
USN-3814-2 fixed several vulnerabilities in clamav. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered ClamAV incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-18584,…
13 November 2018 | ubuntu-12.04-esm
USN-3814-2: ClamAV vulnerabilities
USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash,…
13 November 2018 | ubuntu-14.04-lts
USN-3816-1: systemd vulnerabilities
Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially…
12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3815-2: gettext vulnerability
USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.
12 November 2018 | ubuntu-12.04-esm
USN-3815-1: gettext vulnerability
It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.
12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
USN-3814-1: libmspack vulnerabilities
It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585)
12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts
USN-3813-1: pyOpenSSL vulnerabilities
It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000807) It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12…
8 November 2018 | ubuntu-16.04-lts
USN-3812-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal Goldshtein discovered that nginx incorrectly handled…
7 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts
Releases
- ubuntu 18.10
- ubuntu 18.04 LTS
- ubuntu 17.10
- ubuntu 17.04
- ubuntu 16.10
- ubuntu 16.04 LTS
- ubuntu 15.10
- ubuntu 15.04
- ubuntu 14.10
- ubuntu 14.04 LTS
- ubuntu 13.10
- ubuntu 13.04
- ubuntu 12.10
- ubuntu 12.04 LTS
- ubuntu 11.10
- ubuntu 11.04
- ubuntu 10.10
- ubuntu 10.04 LTS
- ubuntu 9.10
- ubuntu 9.04
- ubuntu 8.10
- ubuntu 8.04 LTS
- ubuntu 7.10
- ubuntu 7.04
- ubuntu 6.10
- ubuntu 6.06 LTS
- ubuntu 5.10
- ubuntu 5.04
- ubuntu 4.10