These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4209-1: Linux kernel vulnerabilities

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794) It was discovered that a…

2 December 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4208-1: Linux kernel vulnerabilities

Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794) Nicolas Waisman discovered…

2 December 2019 | ubuntu-19.10, ubuntu-18.04-lts

USN-4206-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-10794, CVE-2017-10799, CVE-2017-11102, CVE-2017-11140, CVE-2017-11403, CVE-2017-11636, CVE-2017-11637, CVE-2017-13147, CVE-2017-14042, CVE-2017-6335)

2 December 2019 | ubuntu-16.04-lts

USN-4205-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740) It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this issue to cause a denial of service. This issue…

2 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-12.04-esm

USN-4204-1: psutil vulnerability

Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.

28 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4203-2: NSS vulnerability

USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly…

27 November 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4203-1: NSS vulnerability

It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4202-1: Thunderbird vulnerabilities

It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) Multiple security issues were discovered…

26 November 2019 | ubuntu-19.10, ubuntu-18.04-lts

USN-4201-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. (CVE-2019-16201) It…

26 November 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4200-1: Redmine vulnerabilities

It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890)

26 November 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts