These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4476-1: NSS vulnerability

It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.

27 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4475-1: Chrony vulnerability

It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

27 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts

USN-4446-2: Squid regression

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this…

27 August 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4474-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code….

26 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4473-1: libmysofa vulnerabilities

It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2019-16091, CVE-2019-16092, CVE-2019-16093, CVE-2019-16094, CVE-2019-16095)

26 August 2020 | ubuntu-18.04-lts

USN-4472-1: PostgreSQL vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14349) Andres Freund discovered that PostgreSQL incorrectly handled search…

25 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4470-1: sane-backends vulnerabilities

Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-6318) It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could…

24 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4471-1: Net-SNMP vulnerabilities

Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04…

24 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4469-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

24 August 2020 | ubuntu-20.04-lts, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4468-2: Bind vulnerability

USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this…

24 August 2020 | ubuntu-14.04-esm, ubuntu-12.04-esm