These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker…

23 October 2018 | ubuntu-14.04-lts

USN-3797-1: Linux kernel vulnerabilities

Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose…

23 October 2018 | ubuntu-16.04-lts

USN-3798-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already…

23 October 2018 | ubuntu-12.04-esm

USN-3798-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free…

23 October 2018 | ubuntu-14.04-lts

USN-3790-2: Requests vulnerability

USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

22 October 2018 | ubuntu-18.10

USN-3796-3: Paramiko vulnerability

USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

22 October 2018 | ubuntu-18.10

USN-3795-2: libssh vulnerability

USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

22 October 2018 | ubuntu-18.10

USN-3792-3: Net-SNMP vulnerability

USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service.

22 October 2018 | ubuntu-18.10

USN-3796-2: Paramiko vulnerability

USN-3796-1 fixed a vulnerability in paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

17 October 2018 | ubuntu-12.04-esm

USN-3796-1: Paramiko vulnerability

Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials.

17 October 2018 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-lts