These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Latest notices

USN-4002-1: Doxygen vulnerability

It was discovered that Doxygen incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code and compromise sensitive information.

3 June 2019 | ubuntu-16.04-lts

USN-4001-2: libseccomp vulnerability

USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access…

30 May 2019 | ubuntu-14.04-esm

USN-4001-1: libseccomp vulnerability

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls.

30 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4000-1: Corosync vulnerability

It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

30 May 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3999-1: GnuTLS vulnerabilities

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS….

30 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3998-1: Evolution Data Server vulnerability

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

30 May 2019 | ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3968-2: Sudo vulnerability

USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to…

29 May 2019 | ubuntu-14.04-esm

USN-3996-1: GNU Screen vulnerability

Kuang-che Wu discovered that GNU Screen improperly handled certain input. An attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service or the execution of arbitrary code.

29 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-3997-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692,…

28 May 2019 | ubuntu-19.04, ubuntu-18.10, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-3995-2: Keepalived vulnerability

USN-3995-1 fixed a vulnerability in keepalived. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial…

28 May 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm