These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4330-2: PHP vulnerabilities

USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP…

6 May 2020 | ubuntu-20.04-lts

USN-4350-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes,…

4 May 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

LSN-0066-1: Kernel Live Patch Security Notice

Several security issues were fixed in the Linux kernel.

1 May 2020 | ubuntu-14.04-esm, ubuntu-16.04-lts, ubuntu-18.04-lts

USN-4349-1: EDK II vulnerabilities

A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. (CVE-2018-12178) A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable…

30 April 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4342-1: Linux kernel vulnerabilities

Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did…

30 April 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4333-2: Python vulnerabilities

USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-18348) It was discovered that Python…

30 April 2020 | ubuntu-20.04-lts

USN-4341-2: Samba vulnerability

USN-4341-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704)

29 April 2020 | ubuntu-14.04-esm

USN-4348-1: Mailman vulnerabilities

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered…

29 April 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4347-1: WebKitGTK vulnerability

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

29 April 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts

USN-4341-3: Samba regression

USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to…

29 April 2020 | ubuntu-16.04-lts