These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4124-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

6 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4123-1: npm/fstream vulnerability

It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem.

5 September 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4122-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service,…

4 September 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4121-1: Samba vulnerability

Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem.

3 September 2019 | ubuntu-19.04

USN-4120-1: systemd vulnerability

It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system’s DNS resolver settings.

3 September 2019 | ubuntu-19.04, ubuntu-18.04-lts

USN-4119-1: Irssi vulnerability

It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

3 September 2019 | ubuntu-19.04

USN-4118-1: Linux kernel (AWS) vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to…

2 September 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4117-1: Linux kernel (AWS) vulnerabilities

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values…

2 September 2019 | ubuntu-19.04

USN-4116-1: Linux kernel vulnerabilities

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Amit Klein and Benny Pinkas discovered that the Linux kernel did…

2 September 2019 | ubuntu-16.04-lts

USN-4115-1: Linux kernel vulnerabilities

Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux…

2 September 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts