These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4346-1: Linux kernel vulnerabilities

It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for errors, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for…

29 April 2020 | ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4345-1: Linux kernel vulnerabilities

Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that the Intel Wi-Fi driver in the Linux kernel did…

28 April 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4344-1: Linux kernel vulnerabilities

It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16234) It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain…

28 April 2020 | ubuntu-18.04-lts

USN-4343-1: Linux kernel vulnerability

Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

28 April 2020 | ubuntu-20.04-lts

USN-4341-1: Samba vulnerabilities

Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-10700) It was discovered that Samba incorrectly handled certain LDAP…

28 April 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4338-2: re2c vulnerability

USN-4338-1 fixed vulnerabilities in re2c. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

28 April 2020 | ubuntu-20.04-lts

USN-4332-2: File Roller vulnerability

USN-4332-1 fixed vulnerabilities in File Roller. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that File Roller incorrectly handled symlinks. An attacker could possibly use this issue to expose sensitive information.

27 April 2020 | ubuntu-20.04-lts

USN-4340-1: CUPS vulnerabilities

It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. (CVE-2019-2228) Stephan Zeisberg discovered that…

27 April 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4339-1: OpenEXR vulnerabilities

Brandon Perry discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 20.04 LTS. (CVE-2017-9111, CVE-2017-9113, CVE-2017-9115) Tan Jie…

27 April 2020 | ubuntu-20.04-lts, ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4338-1: re2c vulnerability

Agostino Sarubbo discovered that re2c incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

22 April 2020 | ubuntu-19.10