These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3644-1: OpenJDK 8 vulnerabilities

It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and…

11 May 2018 | ubuntu-17.10, ubuntu-16.04-lts

USN-3643-2: Wget vulnerability

USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

9 May 2018 | ubuntu-12.04-esm

USN-3643-1: Wget vulnerability

It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

9 May 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3642-1: DPDK vulnerability

Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information.

9 May 2018 | ubuntu-18.04-lts

USN-3641-2: Linux kernel vulnerabilities

USN-3641-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause…

8 May 2018 | ubuntu-12.04-esm

USN-3641-1: Linux kernel vulnerabilities

Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service (system crash). This issue only affected the amd64 architecture. (CVE-2018-8897) Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not…

8 May 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3640-1: WebKitGTK+ vulnerability

Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.

8 May 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts

USN-3639-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to obtain sensitive information. (CVE-2018-10529)

8 May 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts

USN-3638-1: QPDF vulnerabilities

It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code.

7 May 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3637-1: WavPack vulnerabilities

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. (CVE-2018-10536, CVE-2018-10537) Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered…

30 April 2018 | ubuntu-18.04-lts, ubuntu-17.10