These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4587-1: iTALC vulnerabilities

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn’t check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) Josef Gajdusek discovered that iTALC had…

20 October 2020 | ubuntu-16.04-lts

USN-4586-1: PHP ImageMagick vulnerability

It was discovered that the PHP ImageMagick extension didn’t check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.

20 October 2020 | ubuntu-18.04-lts

USN-4593-1: FreeType vulnerability

Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

20 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4592-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the…

20 October 2020 | ubuntu-18.04-lts

USN-4591-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the…

19 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4588-1: FlightGear vulnerability

It was discovered that FlightGear could write arbitrary files if it received a special Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.

19 October 2020 | ubuntu-16.04-lts

USN-4590-1: Collabtive vulnerability

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. (CVE-2015-0258)

19 October 2020 | ubuntu-16.04-lts

USN-4585-1: Newsbeuter vulnerabilities

It was discovered that Newsbeuter didn’t handle the command line input properly. A remote attacker could use it to run remote code by crafting a special input file. (CVE-2017-12904) It was discovered that Newsbeuter didn’t handle metacharacters in its filename properly. A remote attacker could use it to run remote code by crafting a special…

15 October 2020 | ubuntu-16.04-lts

USN-4546-2: Firefox regressions

USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially…

15 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4584-1: HtmlUnit vulnerability

It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An attacker could possibly use this issue to execute arbitrary Java code.

15 October 2020 | ubuntu-16.04-lts