Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 18

USN-3339-1: OpenVPN vulnerabilities - 22nd June 2017

Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file ...

CVE-2016-6329 CVE-2017-7479 CVE-2017-7508 CVE-2017-7512 CVE-2017-7520 CVE-2017-7521

USN-3335-1: Linux kernel vulnerability - 22nd June 2017

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.

CVE-2017-1000364

USN-3334-1: Linux kernel (Xenial HWE) vulnerability - 22nd June 2017

USN-3328-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large ...

CVE-2017-1000364

USN-3337-1: Valgrind vulnerabilities - 21st June 2017

It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-2226) It was discovered that ...

CVE-2016-2226 CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-6131

USN-3336-1: NSS vulnerability - 21st June 2017

It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.

CVE-2017-7502

USN-3323-1: GNU C Library vulnerability - 19th June 2017

It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges.

CVE-2017-1000366

USN-3322-1: Exim vulnerability - 19th June 2017

It was discovered that Exim did not properly deallocate memory when processing certain command line arguments. A local attacker could use this in conjunction with a vulnerability in the underlying kernel to possibly execute arbitrary code and gain administrative privileges.

CVE-2017-1000369

USN-3320-1: zziplib vulnerabilities - 15th June 2017

Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

USN-3319-1: libmwaw vulnerability - 15th June 2017

It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-9433

USN-3315-1: Firefox vulnerabilities - 15th June 2017

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the address bar contents, or execute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, ...

CVE-2017-5470 CVE-2017-5471 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7762 CVE-2017-7764 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

USN-3318-1: GnuTLS vulnerabilities - 13th June 2017

Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that ...

CVE-2017-7507 CVE-2017-7869

USN-3317-1: Irssi vulnerabilities - 12th June 2017

It was discovered that Irssi incorrectly handled certain DCC messages. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-9468) Joseph Bisch discovered that Irssi incorrectly handled receiving incorrectly quoted DCC files. A remote attacker could possibly use this issue ...

CVE-2017-9468 CVE-2017-9469

USN-3253-2: Nagios regression - 7th June 2017

USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause ...

LP: 1690380

USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities - 6th June 2017

USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. ...

CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-9083 CVE-2016-9084 CVE-2016-9604 CVE-2017-0605 CVE-2017-2596 CVE-2017-2671 CVE-2017-6001 CVE-2017-7472 CVE-2017-7618 CVE-2017-7645 CVE-2017-7889 CVE-2017-7895

USN-3311-1: libnl vulnerability - 6th June 2017

It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code.

CVE-2017-0553

USN-3309-1: Libtasn1 vulnerability - 5th June 2017

Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

CVE-2017-6891

USN-3308-1: Puppet vulnerabilities - 5th June 2017

Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248) It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is ...

CVE-2014-3248 CVE-2017-2295

USN-3307-1: OpenLDAP vulnerability - 1st June 2017

Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service.

CVE-2017-9287

USN-3306-1: libsndfile vulnerabilities - 1st June 2017

Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365

USN-3305-1: NVIDIA graphics drivers vulnerabilities - 31st May 2017

It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.

CVE-2017-0350 CVE-2017-0351 CVE-2017-0352

USN-3304-1: Sudo vulnerability - 30th May 2017

It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.

CVE-2017-1000367

USN-3212-2: LibTIFF regression - 30th May 2017

USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system ...

LP: 1670036

USN-3302-1: ImageMagick vulnerabilities - 30th May 2017

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the ...

CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144

USN-3301-1: strongSwan vulnerabilities - 30th May 2017

It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022) It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to ...

CVE-2017-9022 CVE-2017-9023

USN-3300-1: juju-core vulnerability - 26th May 2017

Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.

CVE-2017-9232

USN-3299-1: Firefox update - 25th May 2017

Some security information preloaded in Firefox was due to expire before the next scheduled release. This update bumps the expiration times.

LP: 1693502

USN-3298-1: MiniUPnP vulnerability - 24th May 2017

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

CVE-2017-8798

USN-3297-1: jbig2dec vulnerabilities - 24th May 2017

Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue ...

CVE-2016-9601 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976

USN-3296-1: Samba vulnerability - 24th May 2017

It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

CVE-2017-7494

USN-3275-3: OpenJDK 7 regression - 18th May 2017

USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to ...

LP: 1691126 https://www.ubuntu.com/usn/usn-3275-2

USN-3295-1: JasPer vulnerabilities - 18th May 2017

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking ...

CVE-2016-10249 CVE-2016-10251 CVE-2016-1867 CVE-2016-2089 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 CVE-2016-9591

USN-3291-3: Linux kernel (Xenial HWE) vulnerabilities - 17th May 2017

USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3294-1: Bash vulnerabilities - 17th May 2017

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634) It was discovered that ...

CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 CVE-2017-5932

USN-3276-2: shadow regression - 16th May 2017

USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially ...

LP: 1690820

USN-3290-1: Linux kernel vulnerability - 16th May 2017

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-8645

USN-3278-1: Thunderbird vulnerabilities - 16th May 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, ...

CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469

USN-3272-2: Ghostscript regression - 16th May 2017

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could ...

LP: 1687614

USN-3289-1: QEMU vulnerabilities - 16th May 2017

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could ...

CVE-2017-7377 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-8379

USN-3275-2: OpenJDK 7 vulnerabilities - 15th May 2017

USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of ...

CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544

USN-3288-1: libytnef vulnerabilities - 15th May 2017

It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.

CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6306 CVE-2017-6800 CVE-2017-6801 CVE-2017-6802

USN-3287-1: Git vulnerability - 15th May 2017

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.

CVE-2017-8386

USN-3286-1: KDE-Libs vulnerability - 15th May 2017

Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges.

CVE-2017-8422

USN-3260-2: Firefox regression - 11th May 2017

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a ...

LP: 1690195

USN-3283-1: rtmpdump vulnerabilities - 9th May 2017

Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

USN-3282-1: FreeType vulnerabilities - 9th May 2017

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-8105 CVE-2017-8287

USN-3281-1: Apache Fop vulnerability - 9th May 2017

Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

CVE-2017-5661

USN-3280-1: Apache Batik vulnerability - 9th May 2017

Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

CVE-2017-5662

USN-3279-1: Apache HTTP Server vulnerabilities - 9th May 2017

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly ...

CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

USN-3276-1: shadow vulnerabilities - 5th May 2017

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)

CVE-2016-6252 CVE-2017-2616

USN-3274-1: ICU vulnerabilities - 2nd May 2017

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

CVE-2017-7867 CVE-2017-7868
