These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or Atom feed.

Latest notices

USN-4577-1: Linux kernel vulnerabilities

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Giuseppe Scrivano discovered that the overlay file system in…

14 October 2020 | ubuntu-18.04-lts

USN-4580-1: Linux kernel vulnerability

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

14 October 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4579-1: Linux kernel vulnerabilities

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel…

14 October 2020 | ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4578-1: Linux kernel vulnerabilities

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discovered that the XFS file system in the Linux kernel…

14 October 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4576-1: Linux kernel vulnerabilities

Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Jay Shin discovered that the ext4 file system implementation…

14 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts

USN-4575-1: dom4j vulnerability

It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683)

13 October 2020 | ubuntu-16.04-lts

USN-4574-1: libseccomp-golang vulnerability

It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp.

7 October 2020 | ubuntu-16.04-lts

USN-4572-2: Spice vulnerability

USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

7 October 2020 | ubuntu-14.04-esm

USN-4573-1: Vino vulnerabilities

Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053) It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain…

7 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4572-1: Spice vulnerability

Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

6 October 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts