These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3820-1: Linux kernel vulnerabilities

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-15471) It was discovered that the generic SCSI driver in the Linux kernel did not properly…

14 November 2018 | ubuntu-18.04-lts

USN-3818-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pg_upgrade or pg_dump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges.

14 November 2018 | ubuntu-18.10, ubuntu-18.04-lts

USN-3817-1: Python vulnerabilities

It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running…

13 November 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3811-2: SpamAssassin vulnerability

USN-3811-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705)

13 November 2018 | ubuntu-12.04-esm

USN-3814-3: ClamAV vulnerabilities

USN-3814-2 fixed several vulnerabilities in clamav. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-18584,…

13 November 2018 | ubuntu-12.04-esm

USN-3814-2: ClamAV vulnerabilities

USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04, libmspack is included in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash,…

13 November 2018 | ubuntu-14.04-lts

USN-3816-1: systemd vulnerabilities

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in chown_one(). A local attacker could potentially…

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3815-2: gettext vulnerability

USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

12 November 2018 | ubuntu-12.04-esm

USN-3815-1: gettext vulnerability

It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3814-1: libmspack vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2018-18584, CVE-2018-18585)

12 November 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts