Ubuntu security notices
These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.
You can also view the latest notices by subscribing to the RSS 
or the Atom feeds.
USN-2584-1: Linux kernel (EC2) vulnerability - 30th April 2015
A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.
USN-2583-1: Linux kernel vulnerability - 30th April 2015
A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.
USN-2573-1: OpenJDK 6 vulnerabilities - 21st April 2015
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect ...
CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
USN-2572-1: PHP vulnerabilities - 20th April 2015
It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330) It was discovered that PHP incorrectly handled opening tar, zip or phar archives ...
CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330
USN-2566-1: dpkg vulnerability - 9th April 2015
Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.
USN-2559-1: Libtasn1 vulnerability - 8th April 2015
Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.
USN-2553-2: LibTIFF regression - 1st April 2015
USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF ...
USN-2555-1: Libgcrypt vulnerabilities - 1st April 2015
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via ...
USN-2554-1: GnuPG vulnerabilities - 1st April 2015
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via ...
CVE-2014-3591 CVE-2014-5270 CVE-2015-0837 CVE-2015-1606 CVE-2015-1607
USN-2553-1: LibTIFF vulnerabilities - 31st March 2015
William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris ...
CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655
USN-2540-1: GnuTLS vulnerabilities - 23rd March 2015
It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. (CVE-2014-8155) Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed ...
USN-2539-1: Django vulnerabilities - 23rd March 2015
Andrey Babak discovered that Django incorrectly handled strip_tags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2316) Daniel Chatfield discovered that Django incorrectly handled user-supplied redirect ...
USN-2537-1: OpenSSL vulnerabilities - 19th March 2015
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0209) Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker ...
CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293
USN-2536-1: libXfont vulnerabilities - 18th March 2015
Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
USN-2535-1: PHP vulnerabilities - 18th March 2015
Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker ...
USN-2533-1: Sudo vulnerability - 16th March 2015
Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.
USN-2525-1: Linux kernel vulnerability - 12th March 2015
It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.
USN-2524-1: eCryptfs vulnerability - 10th March 2015
Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.
USN-2523-1: Apache HTTP Server vulnerabilities - 10th March 2015
Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this ...
CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228
USN-2520-1: CUPS vulnerability - 26th February 2015
Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
USN-2519-1: GNU C Library vulnerabilities - 26th February 2015
Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423) It ...
USN-2512-1: Linux kernel (EC2) vulnerabilities - 26th February 2015
A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ...
USN-2511-1: Linux kernel vulnerabilities - 26th February 2015
A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ...
USN-2510-1: FreeType vulnerabilities - 24th February 2015
Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675
USN-2509-1: ca-certificates update - 23rd February 2015
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.
USN-2507-1: e2fsprogs vulnerabilities - 23rd February 2015
Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. (CVE-2015-0247, CVE-2015-1572)
USN-2504-1: NSS update - 19th February 2015
The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.
USN-2488-2: ClamAV vulnerability - 12th February 2015
USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Original advisory details: Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ...
USN-2499-1: PostgreSQL vulnerabilities - 11th February 2015
Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. (CVE-2014-8161) Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this ...
USN-2498-1: Kerberos vulnerabilities - 10th February 2015
It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5351) It was discovered that ...
CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423
USN-2496-1: GNU binutils vulnerabilities - 9th February 2015
Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in ...
CVE-2012-3509 CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738
USN-2497-1: NTP vulnerabilities - 9th February 2015
Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297) Stephen Roettger discovered that NTP incorrectly ...
USN-2469-2: Django regression - 4th February 2015
USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI ...
USN-2494-1: file vulnerabilities - 4th February 2015
Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or ...
USN-2491-1: Linux kernel (EC2) vulnerabilities - 3rd February 2015
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the ...
CVE-2014-3610 CVE-2014-3611 CVE-2014-8133 CVE-2014-9322 CVE-2014-9420
USN-2490-1: Linux kernel vulnerabilities - 3rd February 2015
Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information ...
USN-2489-1: unzip vulnerability - 3rd February 2015
Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
USN-2486-1: OpenJDK 6 vulnerabilities - 27th January 2015
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to ...
CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
USN-2485-1: GNU C Library vulnerability - 27th January 2015
It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.
CVE-2015-0235 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST
USN-2483-2: Ghostscript vulnerabilities - 26th January 2015
USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Original advisory details: Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, ...
USN-2482-1: elfutils vulnerability - 22nd January 2015
Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.
USN-2477-1: libevent vulnerability - 19th January 2015
Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.
USN-2474-1: curl vulnerability - 15th January 2015
Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests.
USN-2473-1: coreutils vulnerabilities - 14th January 2015
It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. (CVE-2009-4135) Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An ...
USN-2472-1: unzip vulnerabilities - 14th January 2015
Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
USN-2469-1: Django vulnerabilities - 13th January 2015
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. ...
USN-2462-1: Linux kernel vulnerabilities - 13th January 2015
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the ...
USN-2459-1: OpenSSL vulnerabilities - 12th January 2015
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A ...
CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
USN-2456-1: GNU cpio vulnerabilities - 8th January 2015
Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU ...
USN-2455-1: bsd-mailx vulnerability - 7th January 2015
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with ...