Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 73   Next >
Show: All  

USN-3172-1: Bind vulnerabilities - 12th January 2017

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2016-9131) It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote ...

CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

USN-3171-1: LibVNCServer vulnerabilities - 11th January 2017

Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

CVE-2016-9941 CVE-2016-9942

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 11th January 2017

Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9919) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling ...

CVE-2016-9793 CVE-2016-9919

USN-3170-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 11th January 2017

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794) Andrey Konovalov discovered that signed integer overflows existed in the ...

CVE-2016-9793 CVE-2016-9794

USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities - 11th January 2017

USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

USN-3169-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

USN-3168-2: Linux kernel (Trusty HWE) vulnerabilities - 11th January 2017

USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806

USN-3168-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when ...

CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806

USN-3167-2: Linux kernel (OMAP4) vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756) Baozeng Ding discovered a race condition that could lead to a use-after- free in ...

CVE-2016-9756 CVE-2016-9794

USN-3167-1: Linux kernel vulnerabilities - 11th January 2017

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). Baozeng Ding discovered a race condition that could lead to a use-after- free in the ...

CVE-2016-9756 CVE-2016-9794

USN-3166-1: WebKitGTK+ vulnerabilities - 10th January 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2016-4613 CVE-2016-4657 CVE-2016-4666 CVE-2016-4707 CVE-2016-4728 CVE-2016-4733 CVE-2016-4734 CVE-2016-4735 CVE-2016-4759 CVE-2016-4760 CVE-2016-4761 CVE-2016-4762 CVE-2016-4764 CVE-2016-4765 CVE-2016-4767 CVE-2016-4768 CVE-2016-4769 CVE-2016-7578

USN-3164-1: Exim vulnerability - 5th January 2017

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files.

CVE-2016-9963

USN-3163-1: NSS vulnerabilities - 4th January 2017

It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that ...

CVE-2016-5285 CVE-2016-8635 CVE-2016-9074

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux ...

CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9313 CVE-2016-9555

USN-3162-1: Linux kernel vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel ...

CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9313 CVE-2016-9555

USN-3161-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9555 CVE-2016-9644

USN-3161-3: Linux kernel (Raspberry Pi 2) vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9178 CVE-2016-9555

USN-3161-2: Linux kernel (Xenial HWE) vulnerabilities - 20th December 2016

USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555

USN-3161-1: Linux kernel vulnerabilities - 20th December 2016

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple ...

CVE-2015-8964 CVE-2016-4568 CVE-2016-6213 CVE-2016-8630 CVE-2016-8633 CVE-2016-8645 CVE-2016-9555

USN-3160-2: Linux kernel (Trusty HWE) vulnerabilities - 20th December 2016

USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the ...

CVE-2016-6213 CVE-2016-7916

USN-3160-1: Linux kernel vulnerabilities - 20th December 2016

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) It was discovered that a race condition existed in the procfs environ_read function ...

CVE-2016-6213 CVE-2016-7916

USN-3159-2: Linux kernel (OMAP4) vulnerability - 20th December 2016

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

CVE-2016-7916

USN-3159-1: Linux kernel vulnerability - 20th December 2016

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

CVE-2016-7916

USN-3158-1: Samba vulnerabilities - 19th December 2016

Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123) Simo Sorce discovered that that Samba clients always requested a forwardable ...

CVE-2016-2123 CVE-2016-2125 CVE-2016-2126

USN-3156-2: APT regression - 16th December 2016

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal: sudo dpkg --configure --pending sudo apt-get -f install This update fixes the problem. We apologize for the inconvenience. ...

LP: 1649959

USN-3157-1: Apport vulnerabilities - 14th December 2016

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu ...

CVE-2016-9949 CVE-2016-9950 CVE-2016-9951

USN-3155-1: Firefox vulnerabilities - 13th December 2016

Multiple security vulnerabilities were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, ...

CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904

USN-3156-1: APT vulnerability - 13th December 2016

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

CVE-2016-1252

USN-3153-1: Oxide vulnerabilities - 9th December 2016

Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via ...

CVE-2016-5204 CVE-2016-5205 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5212 CVE-2016-5213 CVE-2016-5215 CVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652

USN-3154-1: OpenJDK 6 vulnerabilities - 7th December 2016

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542) It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader ...

CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597

USN-3152-2: Linux kernel (Raspberry Pi 2) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3150-2: Linux kernel (OMAP4) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3151-4: Linux kernel (Raspberry Pi 2) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3151-3: Linux kernel (Qualcomm Snapdragon) vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3152-1: Linux kernel vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3151-2: Linux kernel (Xenial HWE) vulnerability - 5th December 2016

USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker ...

CVE-2016-8655

USN-3151-1: Linux kernel vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3150-1: Linux kernel vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3149-2: Linux kernel (Trusty HWE) vulnerability - 5th December 2016

USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker ...

CVE-2016-8655

USN-3149-1: Linux kernel vulnerability - 5th December 2016

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges.

CVE-2016-8655

USN-3148-1: Ghostscript vulnerabilities - 1st December 2016

Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-7976, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) Multiple vulnerabilities were discovered in ...

CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602

USN-3133-1: Oxide vulnerabilities - 1st December 2016

Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in ...

CVE-2016-5198 CVE-2016-5199 CVE-2016-5200 CVE-2016-5202

USN-3141-1: Thunderbird vulnerabilities - 30th November 2016

Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or ...

CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 CVE-2016-9079

USN-3140-1: Firefox vulnerabilities - 30th November 2016

It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker ...

CVE-2016-9078 CVE-2016-9079

USN-3147-1: Linux kernel vulnerabilities - 30th November 2016

Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel ...

CVE-2016-7097 CVE-2016-7425

USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities - 30th November 2016

USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that ...

CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-9644

USN-3146-1: Linux kernel vulnerabilities - 30th November 2016

It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did ...

CVE-2016-7097 CVE-2016-7425 CVE-2016-8658 CVE-2016-9644

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities - 30th November 2016

USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate ...

CVE-2016-7425 CVE-2016-8658

Showing page 1 of 73   Next >
Show: All