Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 76   Next >
Show: All  

USN-3299-1: Firefox update - 25th May 2017

Some security information preloaded in Firefox was due to expire before the next scheduled release. This update bumps the expiration times.

LP: 1693502

USN-3296-2: Samba vulnerability - 24th May 2017

USN-3296-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

CVE-2017-7494

USN-3298-2: MiniUPnP vulnerability - 24th May 2017

USN-3298-1 fixed a vulnerability in MiniUPnP. This update provides the corresponding update for Ubuntu 17.04. Original advisory details: It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running ...

CVE-2017-8798

USN-3298-1: MiniUPnP vulnerability - 24th May 2017

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

CVE-2017-8798

USN-3297-1: jbig2dec vulnerabilities - 24th May 2017

Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue ...

CVE-2016-9601 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976

USN-3296-1: Samba vulnerability - 24th May 2017

It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

CVE-2017-7494

USN-3283-2: rtmpdump vulnerabilities - 23rd May 2017

Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

USN-3275-3: OpenJDK 7 regression - 18th May 2017

USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to ...

LP: 1691126 https://www.ubuntu.com/usn/usn-3275-2

USN-3295-1: JasPer vulnerabilities - 18th May 2017

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking ...

CVE-2016-10249 CVE-2016-10251 CVE-2016-1867 CVE-2016-2089 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 CVE-2016-9591

USN-3291-3: Linux kernel (Xenial HWE) vulnerabilities - 17th May 2017

USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3291-2: Linux kernel vulnerabilities - 17th May 2017

USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3294-1: Bash vulnerabilities - 17th May 2017

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634) It was discovered that ...

CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 CVE-2017-5932

USN-3282-2: FreeType vulnerabilities - 16th May 2017

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-8105 CVE-2017-8287

USN-3276-2: shadow regression - 16th May 2017

USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially ...

LP: 1690820

USN-3293-1: Linux kernel vulnerabilities - 16th May 2017

Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux ...

CVE-2017-2596 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7477 CVE-2017-7616

USN-3292-2: Linux kernel (HWE) vulnerability - 16th May 2017

USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this ...

CVE-2017-7477

USN-3292-1: Linux kernel vulnerability - 16th May 2017

Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2017-7477

USN-3291-1: Linux kernel vulnerabilities - 16th May 2017

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3290-1: Linux kernel vulnerability - 16th May 2017

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-8645

USN-3278-1: Thunderbird vulnerabilities - 16th May 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, ...

CVE-2017-10195 CVE-2017-10196 CVE-2017-10197 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469

USN-3272-2: Ghostscript regression - 16th May 2017

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could ...

LP: 1687614

USN-3289-1: QEMU vulnerabilities - 16th May 2017

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could ...

CVE-2017-7377 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-8379

USN-3275-2: OpenJDK 7 vulnerabilities - 15th May 2017

USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of ...

CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544

USN-3288-1: libytnef vulnerabilities - 15th May 2017

It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.

CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802

USN-3287-1: Git vulnerability - 15th May 2017

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.

CVE-2017-8386

USN-3286-1: KDE-Libs vulnerability - 15th May 2017

Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges.

CVE-2017-8422

USN-3285-1: LightDM vulnerability - 11th May 2017

Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other ...

CVE-2017-8900 LP: 1663157

USN-3260-2: Firefox regression - 11th May 2017

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a ...

LP: 1690195

USN-3275-1: OpenJDK 8 vulnerabilities - 11th May 2017

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java ...

CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544

USN-3284-1: OpenVPN vulnerabilities - 11th May 2017

It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service (server or client crash). (CVE-2017-7478) It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An ...

CVE-2017-7478 CVE-2017-7479

USN-3283-1: rtmpdump vulnerabilities - 9th May 2017

Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

USN-3282-1: FreeType vulnerabilities - 9th May 2017

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-8105 CVE-2017-8287

USN-3281-1: Apache Fop vulnerability - 9th May 2017

Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

CVE-2017-5661

USN-3280-1: Apache Batik vulnerability - 9th May 2017

Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

CVE-2017-5662

USN-3279-1: Apache HTTP Server vulnerabilities - 9th May 2017

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly ...

CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

USN-3276-1: shadow vulnerabilities - 5th May 2017

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)

CVE-2016-6252 CVE-2017-2616

USN-3274-1: ICU vulnerabilities - 2nd May 2017

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

CVE-2017-7867 CVE-2017-7868

USN-3273-1: LibreOffice vulnerabilities - 2nd May 2017

It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

CVE-2016-10327 CVE-2017-7870

USN-3272-1: Ghostscript vulnerabilities - 28th April 2017

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free ...

CVE-2016-10217 CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291

USN-3271-1: Libxslt vulnerabilities - 27th April 2017

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could ...

CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 CVE-2016-1841 CVE-2016-4738 CVE-2017-5029

USN-3270-1: NSS vulnerabilities - 27th April 2017

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183) It was ...

CVE-2016-2183 CVE-2017-5461

USN-3269-1: MySQL vulnerabilities - 27th April 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated ...

CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3331 CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455 CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459 CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468 CVE-2017-3599 CVE-2017-3600

USN-3268-1: QEMU vulnerabilities - 25th April 2017

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10028) It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could ...

CVE-2016-10028 CVE-2016-8667 CVE-2016-9602 CVE-2016-9603 CVE-2016-9908 CVE-2016-9912 CVE-2016-9914 CVE-2017-5552 CVE-2017-5578 CVE-2017-5987 CVE-2017-6505

USN-3267-1: Samba vulnerability - 25th April 2017

Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

CVE-2017-2619

USN-3266-2: Linux kernel (HWE) vulnerability - 24th April 2017

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. ...

CVE-2017-5986

USN-3266-1: Linux kernel vulnerability - 24th April 2017

Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

CVE-2017-5986

USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities - 24th April 2017

USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A ...

CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7374

USN-3265-1: Linux kernel vulnerabilities - 24th April 2017

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux ...

CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7374

USN-3264-2: Linux kernel (Trusty HWE) vulnerability - 24th April 2017

USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the ...

CVE-2017-5986

USN-3264-1: Linux kernel vulnerability - 24th April 2017

Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).

CVE-2017-5986

Showing page 1 of 76   Next >
Show: All