These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4016-2: Neovim vulnerability

It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735)

11 June 2019 | ubuntu-19.04, ubuntu-18.10

USN-4016-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-12735)

11 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4015-1: DBus vulnerability

Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges.

11 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4014-2: GLib vulnerability

USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

11 June 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4014-1: GLib vulnerability

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

10 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4013-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 June 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4012-1: elfutils vulnerabilities

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service.

10 June 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4008-3: Linux kernel (Xenial HWE) vulnerabilities

USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for…

7 June 2019 | ubuntu-14.04-esm

USN-3991-2: Firefox regression

USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted…

6 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4011-2: Jinja2 vulnerabilities

USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. (CVE-2016-10745) Brian Welch discovered…

6 June 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm