Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 81   Next >
Show: All  

USN-3456-1: X.Org X server vulnerabilities - 17th October 2017

It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code.

CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187

USN-3455-1: wpa_supplicant and hostapd vulnerabilities - 16th October 2017

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote ...

CVE-2016-4476 CVE-2016-4477 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

USN-3454-1: libffi vulnerability - 12th October 2017

It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.

CVE-2017-1000376

USN-3453-1: X.Org X server vulnerabilities - 12th October 2017

Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. (CVE-2017-13721) Michal ...

CVE-2017-13721 CVE-2017-13723

USN-3452-1: Ceph vulnerabilities - 11th October 2017

It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list ...

CVE-2016-5009 CVE-2016-7031 CVE-2016-8626 CVE-2016-9579

USN-3451-1: OpenStack Swift vulnerabilities - 11th October 2017

It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could ...

CVE-2015-5223 CVE-2016-0737 CVE-2016-0738

USN-3450-1: Open vSwitch vulnerabilities - 11th October 2017

Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214) It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. A remote attacker could possibly use ...

CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265

USN-3449-1: OpenStack Nova vulnerabilities - 11th October 2017

George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue ...

CVE-2015-3241 CVE-2015-3280 CVE-2015-5162 CVE-2015-7548 CVE-2015-7713 CVE-2015-8749 CVE-2016-2140

USN-3448-1: OpenStack Keystone vulnerability - 11th October 2017

Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.

CVE-2017-2673

USN-3447-1: OpenStack Horizon vulnerability - 11th October 2017

Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

CVE-2016-4428

USN-3446-1: OpenStack Glance vulnerabilities - 11th October 2017

Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this ...

CVE-2015-5251 CVE-2015-5286 CVE-2016-0757

USN-3436-1: Thunderbird vulnerabilities - 11th October 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application ...

CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824

USN-3445-2: Linux kernel (Trusty HWE) vulnerabilities - 11th October 2017

USN-3445-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer ...

CVE-2016-8633 CVE-2017-14106

USN-3443-3: Linux kernel (GCP) vulnerability - 11th October 2017

Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106)

CVE-2017-14106

USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities - 10th October 2017

USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some ...

CVE-2017-12134 CVE-2017-14106 CVE-2017-14140

USN-3445-1: Linux kernel vulnerabilities - 10th October 2017

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack ...

CVE-2016-8633 CVE-2017-14106

USN-3444-1: Linux kernel vulnerabilities - 10th October 2017

Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) Andrey Konovalov discovered that a ...

CVE-2017-12134 CVE-2017-14106 CVE-2017-14140

USN-3424-2: libxml2 vulnerabilities - 10th October 2017

USN-3424-1 fixed several vulnerabilities in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute ...

CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050

USN-3443-2: Linux kernel (HWE) vulnerabilities - 10th October 2017

USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn(). ...

CVE-2017-1000255 CVE-2017-14106

USN-3443-1: Linux kernel vulnerabilities - 10th October 2017

It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-1000255) Andrey Konovalov discovered that a divide-by-zero error existed in the ...

CVE-2017-1000255 CVE-2017-14106

USN-3442-1: libXfont vulnerabilities - 10th October 2017

It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-13720) It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could ...

CVE-2017-13720 CVE-2017-13722

USN-3441-1: curl vulnerabilities - 10th October 2017

Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that ...

CVE-2016-9586 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-7407

USN-3440-1: poppler vulnerabilities - 6th October 2017

It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. (CVE-2017-14518, CVE-2017-14520, CVE-2017-14617, CVE-2017-14929, CVE-2017-14975, CVE-2017-14977) It was discovered that Poppler incorrectly handled certain files. If a user or ...

CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14926 CVE-2017-14928 CVE-2017-14929 CVE-2017-14975 CVE-2017-14977 CVE-2017-9776

USN-3439-1: Ruby vulnerabilities - 5th October 2017

It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898) Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. (CVE-2017-0899) Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An ...

CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064

USN-3438-1: Git vulnerability - 5th October 2017

It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default.

CVE-2017-14867

USN-3435-2: Firefox regression - 4th October 2017

USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker ...

LP: 1720908

USN-3437-1: OCaml vulnerability - 3rd October 2017

Radek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code.

CVE-2015-8869

USN-3430-2: Dnsmasq vulnerabilities - 3rd October 2017

USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in ...

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496

USN-3435-1: Firefox vulnerabilities - 2nd October 2017

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a ...

CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7811 CVE-2017-7812 CVE-2017-7813 CVE-2017-7814 CVE-2017-7815 CVE-2017-7816 CVE-2017-7818 CVE-2017-7819 CVE-2017-7820 CVE-2017-7821 CVE-2017-7822 CVE-2017-7823 CVE-2017-7824

USN-3434-1: Libidn vulnerability - 2nd October 2017

It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-14062

USN-3433-1: poppler vulnerabilities - 2nd October 2017

It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial service. This issue only affected Ubuntu 17.04. (CVE-2017-14517) It was discovered that Poppler incorrectly handled certain files. If a user or ...

CVE-2017-14517 CVE-2017-14519

USN-3430-1: Dnsmasq vulnerabilities - 2nd October 2017

Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin ...

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496

USN-3432-1: ca-certificates update - 2nd October 2017

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package.

LP: 1719851

USN-3431-1: NSS vulnerability - 2nd October 2017

Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7805

USN-3429-1: Libplist vulnerability - 25th September 2017

Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial or service.

CVE-2017-7982

USN-3428-1: Emacs vulnerability - 21st September 2017

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.

CVE-2017-14482

USN-3427-1: Emacs vulnerability - 21st September 2017

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.

CVE-2017-14482

USN-3426-1: Samba vulnerabilities - 21st September 2017

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote attacker could use this issue to perform a man ...

CVE-2017-12150 CVE-2017-12151 CVE-2017-12163

USN-3414-2: QEMU regression - 20th September 2017

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could ...

LP: 1718222

USN-3425-1: Apache HTTP Server vulnerability - 19th September 2017

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.

CVE-2017-9798

USN-3424-1: libxml2 vulnerabilities - 18th September 2017

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use ...

CVE-2017-0663 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050

USN-3423-1: Linux kernel vulnerability - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash).

CVE-2017-1000251

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities - 18th September 2017

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling ...

CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities - 18th September 2017

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling ...

CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831

USN-3419-2: Linux kernel (HWE) vulnerabilities - 18th September 2017

USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration ...

CVE-2017-1000251 CVE-2017-7541

USN-3419-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN ...

CVE-2017-1000251 CVE-2017-7541

USN-3420-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux ...

CVE-2017-1000251 CVE-2017-10663 CVE-2017-12762 CVE-2017-8831

USN-3421-1: Libidn2 vulnerability - 18th September 2017

It was discovered that Libidn2 incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn2 to crash, resulting in a denial of service.

CVE-2017-14062

USN-3422-1: Linux kernel vulnerabilities - 18th September 2017

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel ...

CVE-2016-10044 CVE-2016-10200 CVE-2016-7097 CVE-2016-8650 CVE-2016-9083 CVE-2016-9084 CVE-2016-9178 CVE-2016-9191 CVE-2016-9604 CVE-2016-9754 CVE-2017-1000251 CVE-2017-5970 CVE-2017-6214 CVE-2017-6346 CVE-2017-6951 CVE-2017-7187 CVE-2017-7472 CVE-2017-7541

USN-3346-2: Bind regression - 18th September 2017

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing ...

LP: 1717981

Showing page 1 of 81   Next >
Show: All