Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 5   Next >

USN-3531-1: Intel Microcode update - 11th January 2018

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the corresponding Linux ...

CVE-2017-5715

USN-3530-1: WebKitGTK+ vulnerabilities - 11th January 2018

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive ...

CVE-2017-5715 CVE-2017-5753

USN-3527-1: Irssi vulnerabilities - 10th January 2018

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205) Joseph Bisch discovered that Irssi incorrectly handled settings the ...

CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208

USN-3526-1: SSSD vulnerability - 10th January 2018

It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.

CVE-2017-12173

USN-3521-1: NVIDIA graphics drivers vulnerability - 9th January 2018

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations to address the issue, along with compatibility fixes ...

CVE-2017-5753

USN-3520-1: PySAML2 vulnerability - 8th January 2018

It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password.

CVE-2017-1000433

USN-3519-1: Tomcat vulnerabilities - 8th January 2018

It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass ...

CVE-2017-5647 CVE-2017-5648 CVE-2017-5664 CVE-2017-7674

USN-3518-1: AWStats vulnerability - 8th January 2018

It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.

CVE-2017-1000501

USN-3517-1: poppler vulnerabilities - 8th January 2018

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary code. (CVE-2017-1000456) It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted ...

CVE-2017-1000456 CVE-2017-14976

USN-3516-1: Firefox vulnerabilities - 5th January 2018

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive ...

CVE-2017-5715 CVE-2017-5753 CVE-2017-5754

USN-3515-1: Ruby vulnerability - 4th January 2018

It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution.

CVE-2017-17405

USN-3480-3: Apport regression - 3rd January 2018

USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a ...

LP: 1733366

USN-3514-1: WebKitGTK+ vulnerabilities - 3rd January 2018

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-7156

USN-3477-4: Firefox regression - 3rd January 2018

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in ...

LP: 1741048

USN-3513-1: libxml2 vulnerability - 13th December 2017

It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

CVE-2017-15412

USN-3512-1: OpenSSL vulnerabilities - 11th December 2017

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. (CVE-2017-3737) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738)

CVE-2017-3737 CVE-2017-3738

USN-3508-1: Linux kernel vulnerabilities - 7th December 2017

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16939) It was discovered that the Linux kernel did not properly handle copy-on-write ...

CVE-2017-1000405 CVE-2017-12146 CVE-2017-16939

USN-3506-1: rsync vulnerabilities - 7th December 2017

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433) It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker ...

CVE-2017-17433 CVE-2017-17434

USN-3505-1: Linux firmware vulnerabilities - 6th December 2017

Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)

CVE-2017-13080 CVE-2017-13081

USN-3504-1: libxml2 vulnerability - 5th December 2017

Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service.

CVE-2017-16932

USN-3503-1: Evince vulnerability - 4th December 2017

It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code.

CVE-2017-1000159

USN-3477-3: Firefox regressions - 1st December 2017

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to ...

LP: 1735801

USN-3490-1: Thunderbird vulnerabilities - 1st December 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)

CVE-2017-7826 CVE-2017-7828 CVE-2017-7830

USN-3501-1: libxcursor vulnerability - 29th November 2017

It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-16612

USN-3500-1: libXfont vulnerability - 29th November 2017

It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.

CVE-2017-16611

USN-3499-1: Exim vulnerability - 29th November 2017

It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.

CVE-2017-16944

USN-3498-1: curl vulnerabilities - 29th November 2017

Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816) It was discovered that ...

CVE-2017-8816 CVE-2017-8817

USN-3496-3: Python vulnerability - 28th November 2017

USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code.

CVE-2017-1000158

USN-3496-1: Python vulnerability - 28th November 2017

It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code.

CVE-2017-1000158

USN-3477-2: Firefox regression - 27th November 2017

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening ...

LP: 1733970

USN-3495-1: OptiPNG vulnerability - 27th November 2017

It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-1000229

USN-3494-1: XML::LibXML vulnerability - 27th November 2017

It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code.

CVE-2017-10672

USN-3493-1: Exim vulnerability - 27th November 2017

It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial ...

CVE-2017-16943

USN-3492-1: LibRaw vulnerabilities - 22nd November 2017

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-3885 CVE-2015-8366 CVE-2015-8367 CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-6886 CVE-2017-6887

USN-3491-1: ldns vulnerabilities - 22nd November 2017

Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could ...

CVE-2014-3209 CVE-2017-1000231 CVE-2017-1000232

USN-3489-1: Berkeley DB vulnerability - 21st November 2017

It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.

CVE-2017-10140

USN-3486-1: Samba vulnerabilities - 21st November 2017

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2017-14746) Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this ...

CVE-2017-14746 CVE-2017-15275

USN-3484-1: Linux kernel vulnerability - 20th November 2017

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host ...

CVE-2017-12188

USN-3480-2: Apport regressions - 20th November 2017

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash forwarding to containers. This update addresses ...

LP: 1726372 LP: 1732518

USN-3483-1: procmail vulnerability - 20th November 2017

Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-16844

USN-3477-1: Firefox vulnerabilities - 16th November 2017

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, ...

CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 CVE-2017-7840 CVE-2017-7842

USN-3481-1: WebKitGTK+ vulnerabilities - 16th November 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2017-13783 CVE-2017-13784 CVE-2017-13785 CVE-2017-13788 CVE-2017-13791 CVE-2017-13792 CVE-2017-13793 CVE-2017-13794 CVE-2017-13795 CVE-2017-13796 CVE-2017-13798 CVE-2017-13802 CVE-2017-13803

USN-3480-1: Apport vulnerabilities - 15th November 2017

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177) Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. ...

CVE-2017-14177 CVE-2017-14180

USN-3479-1: PostgreSQL vulnerabilities - 14th November 2017

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT ... ON CONFLICT DO UPDATE commands. A remote attacker could possibly use ...

CVE-2017-15098 CVE-2017-15099

USN-3478-1: Perl vulnerabilities - 13th November 2017

Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12837, CVE-2017-12883)

CVE-2017-12837 CVE-2017-12883

USN-3476-1: postgresql-common vulnerabilities - 9th November 2017

Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-1255) It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly ...

CVE-2016-1255 CVE-2017-8806

USN-3473-1: OpenJDK 8 vulnerabilities - 8th November 2017

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK ...

CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388

USN-3475-1: OpenSSL vulnerabilities - 6th November 2017

It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. (CVE-2017-3735) It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private ...

CVE-2017-3735 CVE-2017-3736

USN-3471-1: Quagga vulnerabilities - 31st October 2017

Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227) Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to ...

CVE-2017-16227 CVE-2017-5495

USN-3468-1: Linux kernel vulnerabilities - 31st October 2017

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux ...

CVE-2017-1000252 CVE-2017-10663 CVE-2017-10911 CVE-2017-11176 CVE-2017-14340
