These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4112-1: Ceph vulnerability

Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service.

29 August 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4111-1: Ghostscript vulnerabilities

Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when ‘-dSAFER’ restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files. (CVE-2019-14811, CVE-2019-14812,…

29 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4110-4: Dovecot regression

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could…

28 August 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4110-3: Dovecot regression

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial…

28 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4110-2: Dovecot vulnerability

USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary…

28 August 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4110-1: Dovecot vulnerability

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

28 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4109-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480) It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service….

21 August 2019 | ubuntu-18.04-lts

USN-4108-1: Zstandard vulnerability

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

21 August 2019 | ubuntu-18.04-lts

USN-4107-1: GIFLIB vulnerabilities

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of…

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4106-1: NLTK vulnerability

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts