These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4216-2: Firefox vulnerabilities

USN-4216-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain…

13 December 2019 | ubuntu-16.04-lts

USN-4214-2: RabbitMQ vulnerability

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

11 December 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4217-2: Samba vulnerabilities

USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of…

11 December 2019 | ubuntu-14.04-esm

USN-4221-1: libpcap vulnerability

It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion).

11 December 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4202-2: Thunderbird regression

USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid…

10 December 2019 | ubuntu-19.10, ubuntu-18.04-lts

USN-4220-1: Git vulnerabilities

Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

10 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4219-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

10 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4218-1: GNU C Library vulnerability

Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

10 December 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4217-1: Samba vulnerabilities

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. (CVE-2019-14861) Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to…

10 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4216-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code.

9 December 2019 | ubuntu-19.10, ubuntu-19.04, ubuntu-18.04-lts