These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4269-1: systemd vulnerabilities

It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could…

5 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4268-1: OpenSMTPD vulnerability

It was discovered that OpenSMTPD incorrectly verified the sender’s or receiver’s e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

5 February 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4263-2: Sudo vulnerability

USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to…

5 February 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4267-1: ARM mbed TLS vulnerabilities

It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. (CVE-2017-18187) It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a denial of service (buffer overflow) via a crafted…

5 February 2020 | ubuntu-16.04-lts

USN-4266-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

4 February 2020 | ubuntu-16.04-lts

USN-4265-2: SpamAssassin vulnerabilities

USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker…

4 February 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4265-1: SpamAssassin vulnerabilities

It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.

4 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4264-1: Django vulnerability

Simon Charette discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks.

4 February 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4263-1: Sudo vulnerability

Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.

3 February 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4234-2: Firefox regressions

USN-4234-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially…

30 January 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts