These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4005-1: Linux kernel vulnerabilities

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol…

4 June 2019 | ubuntu-19.04

USN-4006-1: Linux kernel vulnerability

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support.

4 June 2019 | ubuntu-18.10

USN-4004-2: Berkeley DB vulnerability

USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information.

4 June 2019 | ubuntu-14.04-esm

USN-4004-1: Berkeley DB vulnerability

It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information.

4 June 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4003-1: Qt vulnerabilities

It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-15518) It was discovered that Qt incorrectly handled certain GIF images. A remote attacker could use…

3 June 2019 | ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4002-1: Doxygen vulnerability

It was discovered that Doxygen incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code and compromise sensitive information.

3 June 2019 | ubuntu-16.04-lts

USN-4001-2: libseccomp vulnerability

USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access…

30 May 2019 | ubuntu-14.04-esm

USN-4001-1: libseccomp vulnerability

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls.

30 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4000-1: Corosync vulnerability

It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

30 May 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3999-1: GnuTLS vulnerabilities

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS….

30 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts