These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-3625-1: Perl vulnerabilities

It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853) It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker…

16 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3621-2: Ruby regression

USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly…

13 April 2018 | ubuntu-14.04-lts

USN-3624-1: Patch vulnerabilities

It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly…

10 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3623-1: ubuntu-release-upgrader vulnerability

It was discovered that ubuntu-release-upgrader did not correctly drop permissions before opening a browser to view the release notes. This update fixes the issue.

9 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3622-1: Wayland vulnerability

It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

9 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3616-2: Python Crypto vulnerability

USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

9 April 2018 | ubuntu-12.04-esm

USN-3596-2: Firefox regression

USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a…

6 April 2018 | ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in…

5 April 2018 | ubuntu-14.04-lts

USN-3621-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. (CVE-2018-1000073) It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000074) It was discovered that Ruby incorrectly handled…

5 April 2018 | ubuntu-17.10, ubuntu-16.04-lts, ubuntu-14.04-lts

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via…

5 April 2018 | ubuntu-12.04-esm