These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4368-1: Linux kernel vulnerabilities

Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. (CVE-2019-19769) It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local…

19 May 2020 | ubuntu-18.04-lts

USN-4366-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain inputs. A remote attacker could possibly use this issue to access sensitive information or bypass authentication.

19 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4365-1: Bind vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled…

19 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4362-1: DPDK vulnerabilities

It was discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10726)

18 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts

USN-4361-1: Dovecot vulnerabilities

Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-10957, CVE-2020-10967) Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary…

18 May 2020 | ubuntu-20.04-lts, ubuntu-19.10

USN-4360-2: json-c regression

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this…

15 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4360-3: json-c regression

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this…

15 May 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4360-1: json-c vulnerability

It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code.

14 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4359-1: APT vulnerability

It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash.

14 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4358-1: libexif vulnerabilities

It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767)

13 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm