These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4072-1: Ansible vulnerabilities

It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted…

24 July 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4071-2: Patch vulnerabilities

USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-13636) It was discovered that Patch incorrectly…

24 July 2019 | ubuntu-14.04-esm

USN-4071-1: Patch vulnerabilities

It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2019-13636) It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-13638)

24 July 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4070-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see…

24 July 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4069-1: Linux kernel vulnerabilities

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel…

23 July 2019 | ubuntu-19.04

USN-4068-2: Linux kernel (HWE) vulnerabilities

USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in…

23 July 2019 | ubuntu-16.04-lts

USN-4068-1: Linux kernel vulnerabilities

Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a…

23 July 2019 | ubuntu-18.04-lts

USN-4067-1: Evince vulnerability

It was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

22 July 2019 | ubuntu-16.04-lts

USN-4065-2: Squid vulnerabilities

USN-4065-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2019-12525) …

22 July 2019 | ubuntu-12.04-esm

USN-4066-2: ClamAV vulnerability

USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.

22 July 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm