These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4170-2: Whoopsie regression

USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a…

30 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4173-1: FreeTDS vulnerability

Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code.

30 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts

USN-4172-1: file vulnerability

It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

30 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4171-1: Apport vulnerabilities

Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. (CVE-2019-11481) Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a…

30 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4170-1: Whoopsie vulnerability

Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.

30 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4169-1: libarchive vulnerability

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.

29 October 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4167-2: Samba vulnerabilities

USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker…

29 October 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4168-1: Libidn2 vulnerabilities

It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains. (CVE-2019-12290) It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18224)

29 October 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4167-1: Samba vulnerabilities

Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Bj√∂rn Baumbach discovered that Samba…

29 October 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4166-2: PHP vulnerability

USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code.

29 October 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm