These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3759-2: libtirpc vulnerabilities

USN-3759-1 fixed a vulnerability in libtirpc. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-4429) It was discovered that libtirpc…

5 September 2018 | ubuntu-12.04-esm

USN-3759-1: libtirpc vulnerabilities

Aldy Hernandez discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4429) It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a…

5 September 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3758-2: libx11 vulnerabilities

USN-3758-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information (CVE-2016-7942) Tobias Stoeckmann discovered…

30 August 2018 | ubuntu-12.04-esm

USN-3758-1: libx11 vulnerabilities

Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information (CVE-2016-7942) Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. (CVE-2016-7943) It was…

30 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3757-1: poppler vulnerability

Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possible use this issue to cause a denial of service.

29 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities

It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not…

28 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3756-1: Intel Microcode vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)….

27 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3755-1: GD vulnerabilities

It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222) It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711)

27 August 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A…

24 August 2018 | ubuntu-14.04-lts

USN-3752-2: Linux kernel (HWE) vulnerabilities

USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the…

24 August 2018 | ubuntu-16.04-lts