These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3805-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839) Brian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use…

31 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2018-3136) Artem Smotrakov discovered that the HTTP client redirection…

30 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3803-1: Ghostscript vulnerabilities

Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

30 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3799-2: MySQL vulnerabilities

USN-3799-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 12.04 ESM. In addition to security…

29 October 2018 | ubuntu-12.04-esm

USN-3802-1: X.Org X server vulnerability

Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges.

26 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3801-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code….

24 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3800-1: audiofile vulnerabilities

It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13440) It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17095)

24 October 2018 | ubuntu-14.04-lts

USN-3799-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes,…

23 October 2018 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3788-2: Tex Live-bin vulnerability

USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-17407)

23 October 2018 | ubuntu-18.10

USN-3777-3: Linux kernel (Azure) vulnerabilities

USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to…

23 October 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts