These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4135-2: Linux kernel vulnerabilities

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…

18 September 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4135-1: Linux kernel vulnerabilities

Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did…

18 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4113-2: Apache HTTP Server regression

USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered that the HTTP/2 implementation in Apache did…

17 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4124-2: Exim vulnerability

USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

16 September 2019 | ubuntu-14.04-esm

USN-4134-1: IBus vulnerability

Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

16 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4133-1: Wireshark vulnerabilities

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

16 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4129-2: curl vulnerability

USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute…

12 September 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4132-2: Expat vulnerability

USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

12 September 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4132-1: Expat vulnerability

It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

12 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4131-1: VLC vulnerabilities

It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 September 2019 | ubuntu-19.04, ubuntu-18.04-lts