These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3874-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502,…

30 January 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3873-1: Open vSwitch vulnerabilities

It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17204) It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote attacker could possibly use this issue to cause…

30 January 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3872-1: Linux kernel (HWE) vulnerabilities

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free…

29 January 2019 | ubuntu-18.04-lts

USN-3871-1: Linux kernel vulnerabilities

Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a…

29 January 2019 | ubuntu-18.04-lts

USN-3870-1: Spice vulnerability

Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.

28 January 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3868-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.

24 January 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3869-1: Subversion vulnerability

Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

24 January 2019 | ubuntu-18.10

USN-3867-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see…

23 January 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3866-1: Ghostscript vulnerability

Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

23 January 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3707-2: NTP vulnerabilities

USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of…

23 January 2019 | ubuntu-12.04-esm