These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3765-2: curl vulnerability

USN-3765-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.

17 September 2018 | ubuntu-12.04-esm

USN-3765-1: curl vulnerability

It was discovered that curl incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code.

17 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3761-2: Firefox regressions

USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted…

13 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3747-2: OpenJDK 10 regression

USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK did not properly…

12 September 2018 | ubuntu-18.04-lts

USN-3764-1: Zsh vulnerabilities

It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-0502, CVE-2018-13259) Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1100)

11 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3763-1: Linux kernel vulnerability

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.

11 September 2018 | ubuntu-12.04-esm

USN-3762-2: Linux kernel (HWE) vulnerabilities

USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker…

11 September 2018 | ubuntu-16.04-lts

USN-3762-1: Linux kernel vulnerabilities

It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2018-1118) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination…

11 September 2018 | ubuntu-18.04-lts

USN-3761-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Firefox…

6 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3760-1: transfig vulnerability

It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code.

6 September 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts