These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3630-2: Linux kernel (HWE) vulnerability

USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A…

24 April 2018 | ubuntu-16.04-lts

USN-3630-1: Linux kernel vulnerability

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).

23 April 2018 | ubuntu-17.10

USN-3629-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly…

23 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3628-2: OpenSSL vulnerability

USN-3628-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to…

19 April 2018 | ubuntu-12.04-esm

USN-3628-1: OpenSSL vulnerability

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.

19 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3627-1: Apache HTTP Server vulnerabilities

Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710) Elar Lang discovered that the Apache HTTP Server incorrectly…

19 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3625-2: Perl vulnerabilities

USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. (CVE-2015-8853) It was…

17 April 2018 | ubuntu-12.04-esm

USN-3611-2: OpenSSL vulnerabilities

USN-3611-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was…

17 April 2018 | ubuntu-12.04-esm

USN-3626-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. (CVE-2018-6914) It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-8778, CVE-2018-8780) It was discovered that Ruby incorrectly…

16 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3624-2: Patch vulnerabilities

USN-3624-1 fixed a vulnerability in Patch. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain…

16 April 2018 | ubuntu-12.04-esm