These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3705-2: Firefox regressions

USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially…

10 July 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3709-1: Xapian-core vulnerability

It was discovered that Xapian-core incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code.

10 July 2018 | ubuntu-18.04-lts, ubuntu-17.10

USN-3706-2: libjpeg-turbo vulnerabilities

USN-3706-1 fixed a vulnerability in libjpeg-turbo. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker…

10 July 2018 | ubuntu-12.04-esm

USN-3708-1: OpenSLP vulnerabilities

It was discovered that OpenSLP incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenSLP to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 July 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3707-1: NTP vulnerabilities

Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182) Michael Macnair discovered that NTP incorrectly handled certain responses. A…

9 July 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3706-1: libjpeg-turbo vulnerabilities

It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 July 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3690-2: AMD Microcode regression

USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 (aka Spectre). Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative…

5 July 2018 | ubuntu-14.04-lts

USN-3705-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or…

5 July 2018 | ubuntu-18.04-lts, ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3704-1: devscripts vulnerability

It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code.

5 July 2018 | ubuntu-18.04-lts, ubuntu-17.10

USN-3702-2: PHP vulnerability

USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to…

5 July 2018 | ubuntu-18.04-lts