These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4049-3: GLib regression

USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possibly memory leak. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could…

5 August 2019 | ubuntu-16.04-lts

USN-4058-2: Bash vulnerability

USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

5 August 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4079-2: SoX vulnerabilities

USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. Original advisory details: It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356,…

1 August 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4085-1: Sigil vulnerability

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

1 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4084-1: Django vulnerabilities

It was discovered that Django incorrectly handled the Truncator function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. (CVE-2019-14232) It was discovered that Django incorrectly handled the strip_tags function. A remote attacker could possibly use this issue to cause Django…

1 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4069-2: Linux kernel (HWE) vulnerabilities

USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free…

1 August 2019 | ubuntu-18.04-lts

USN-4082-2: Subversion vulnerabilities

USN-4082-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of…

31 July 2019 | ubuntu-12.04-esm

USN-4083-1: OpenJDK 11 vulnerabilities

It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the…

31 July 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4082-1: Subversion vulnerabilities

Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserver to crash, resulting in a denial of service. (CVE-2018-11782) Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this…

31 July 2019 | ubuntu-16.04-lts

USN-4081-1: Pango vulnerability

It was discovered that Pango incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

31 July 2019 | ubuntu-19.04