These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection…

16 November 2018 | ubuntu-14.04-lts

USN-3817-2: Python vulnerabilities

USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary…

15 November 2018 | ubuntu-12.04-esm

USN-3823-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)….

15 November 2018 | ubuntu-12.04-esm

USN-3822-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a…

14 November 2018 | ubuntu-12.04-esm

USN-3822-1: Linux kernel vulnerabilities

Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel…

14 November 2018 | ubuntu-14.04-lts

USN-3820-3: Linux kernel (Azure) vulnerabilities

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471) It was discovered that the generic SCSI driver in the Linux kernel did not properly…

14 November 2018 | ubuntu-14.04-lts

USN-3821-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained…

14 November 2018 | ubuntu-14.04-lts

USN-3821-1: Linux kernel vulnerabilities

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer…

14 November 2018 | ubuntu-16.04-lts

USN-3820-2: Linux kernel (HWE) vulnerabilities

USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations….

14 November 2018 | ubuntu-16.04-lts

USN-3819-1: Linux kernel vulnerability

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

14 November 2018 | ubuntu-18.10