These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4243-1: libbsd vulnerabilities

It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090) It was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive…

20 January 2020 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4242-1: Sysstat vulnerabilities

It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-16167) It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to execute…

20 January 2020 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4225-2: Linux kernel (HWE) vulnerabilities

USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker…

18 January 2020 | ubuntu-18.04-lts

USN-4241-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,…

16 January 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4240-1: Kamailio vulnerability

It was discovered that Kamailio can be exploited by using a specially crafted message that can cause a buffer overflow issue.

16 January 2020 | ubuntu-16.04-lts

USN-4235-2: nginx vulnerability

USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling…

15 January 2020 | ubuntu-14.04-esm

USN-4221-2: libpcap vulnerability

USN-4221-1 fixed a vulnerability in libpcap. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).

15 January 2020 | ubuntu-12.04-esm

USN-4239-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose…

15 January 2020 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4237-2: SpamAssassin vulnerabilities

USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker…

15 January 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4238-1: SDL_image vulnerabilities

It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

14 January 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts