These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4327-1: libssh vulnerability

Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

9 April 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4326-1: libiberty vulnerabilities

It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

8 April 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4325-1: Linux kernel vulnerabilities

It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046) Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability…

7 April 2020 | ubuntu-18.04-lts

USN-4324-1: Linux kernel vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not…

7 April 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4323-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6821, CVE-2020-6822, CVE-2020-6824, CVE-2020-6825, CVE-2020-6826) It was discovered that…

7 April 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4322-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled randomness when performing DTLS negotiation. A remote attacker could possibly use this issue to obtain sensitive information, contrary to expectations.

7 April 2020 | ubuntu-19.10

USN-4321-1: HAProxy vulnerability

Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code.

7 April 2020 | ubuntu-19.10, ubuntu-18.04-lts

USN-4318-1: Linux kernel vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428) Gustavo Romero and Paul Mackerras discovered that the KVM implementation in the Linux kernel for…

6 April 2020 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4320-1: Linux kernel vulnerability

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).

6 April 2020 | ubuntu-16.04-lts, ubuntu-14.04-esm

USN-4317-1: Firefox vulnerabilities

Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code.

4 April 2020 | ubuntu-19.10, ubuntu-18.04-lts, ubuntu-16.04-lts