Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

Showing page 1 of 6   Next >
Show: All  

USN-3298-1: MiniUPnP vulnerability - 24th May 2017

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

CVE-2017-8798

USN-3297-1: jbig2dec vulnerabilities - 24th May 2017

Bingchang Liu discovered that jbig2dec incorrectly handled memory when decoding malformed image files. If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue ...

CVE-2016-9601 CVE-2017-7885 CVE-2017-7975 CVE-2017-7976

USN-3296-1: Samba vulnerability - 24th May 2017

It was discovered that Samba incorrectly handled shared libraries. A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

CVE-2017-7494

USN-3295-1: JasPer vulnerabilities - 18th May 2017

It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking ...

CVE-2016-10249 CVE-2016-10251 CVE-2016-1867 CVE-2016-2089 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560 CVE-2016-9591

USN-3291-2: Linux kernel vulnerabilities - 17th May 2017

USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments. Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3294-1: Bash vulnerabilities - 17th May 2017

Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-0634) It was discovered that ...

CVE-2016-0634 CVE-2016-7543 CVE-2016-9401 CVE-2017-5932

USN-3276-2: shadow regression - 16th May 2017

USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially ...

LP: 1690820

USN-3292-2: Linux kernel (HWE) vulnerability - 16th May 2017

USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this ...

CVE-2017-7477

USN-3291-1: Linux kernel vulnerabilities - 16th May 2017

Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL ...

CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7616

USN-3278-1: Thunderbird vulnerabilities - 16th May 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, ...

CVE-2017-10195 CVE-2017-10196 CVE-2017-10197 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469

USN-3272-2: Ghostscript regression - 16th May 2017

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could ...

LP: 1687614

USN-3289-1: QEMU vulnerabilities - 16th May 2017

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086) Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could ...

CVE-2017-7377 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-8379

USN-3287-1: Git vulnerability - 15th May 2017

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.

CVE-2017-8386

USN-3260-2: Firefox regression - 11th May 2017

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a ...

LP: 1690195

USN-3275-1: OpenJDK 8 vulnerabilities - 11th May 2017

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. (CVE-2017-3509) It was discovered that an untrusted library search path flaw existed in the Java ...

CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544

USN-3283-1: rtmpdump vulnerabilities - 9th May 2017

Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

USN-3282-1: FreeType vulnerabilities - 9th May 2017

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2017-8105 CVE-2017-8287

USN-3279-1: Apache HTTP Server vulnerabilities - 9th May 2017

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly ...

CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

USN-3276-1: shadow vulnerabilities - 5th May 2017

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other processes with root privileges. (CVE-2017-2616)

CVE-2016-6252 CVE-2017-2616

USN-3274-1: ICU vulnerabilities - 2nd May 2017

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

CVE-2017-7867 CVE-2017-7868

USN-3273-1: LibreOffice vulnerabilities - 2nd May 2017

It was discovered that LibreOffice incorrectly handled EMF image files. If a user were tricked into opening a specially crafted EMF image file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

CVE-2016-10327 CVE-2017-7870

USN-3272-1: Ghostscript vulnerabilities - 28th April 2017

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free ...

CVE-2016-10217 CVE-2016-10219 CVE-2016-10220 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291

USN-3271-1: Libxslt vulnerabilities - 27th April 2017

Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029) Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could ...

CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 CVE-2016-1841 CVE-2016-4738 CVE-2017-5029

USN-3270-1: NSS vulnerabilities - 27th April 2017

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183) It was ...

CVE-2016-2183 CVE-2017-5461

USN-3269-1: MySQL vulnerabilities - 27th April 2017

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated ...

CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3331 CVE-2017-3450 CVE-2017-3453 CVE-2017-3454 CVE-2017-3455 CVE-2017-3456 CVE-2017-3457 CVE-2017-3458 CVE-2017-3459 CVE-2017-3460 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3465 CVE-2017-3467 CVE-2017-3468 CVE-2017-3599 CVE-2017-3600

USN-3266-2: Linux kernel (HWE) vulnerability - 24th April 2017

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. ...

CVE-2017-5986

USN-3265-1: Linux kernel vulnerabilities - 24th April 2017

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux ...

CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348 CVE-2017-7374

USN-3260-1: Firefox vulnerabilities - 21st April 2017

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting ...

CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5468 CVE-2017-5469

USN-3263-1: FreeType vulnerability - 20th April 2017

It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-10328

USN-3261-1: QEMU vulnerabilities - 20th April 2017

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029) Li Qiang discovered that QEMU incorrectly handled ...

CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-7907 CVE-2016-8667 CVE-2016-8669 CVE-2016-9381 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505

USN-3259-1: Bind vulnerabilities - 17th April 2017

It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use ...

CVE-2017-3136 CVE-2017-3137 CVE-2017-3138

USN-3258-2: Dovecot regression - 11th April 2017

USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. We apologize for the inconvenience. Original ...

CVE-2017-2669

USN-3258-1: Dovecot vulnerability - 10th April 2017

It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

CVE-2017-2669

USN-3257-1: WebKitGTK+ vulnerabilities - 10th April 2017

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code ...

CVE-2016-9642 CVE-2016-9643 CVE-2017-2364 CVE-2017-2367 CVE-2017-2376 CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394 CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415 CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445 CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455 CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464 CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469 CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476 CVE-2017-2481

USN-3256-2: Linux kernel (HWE) vulnerability - 4th April 2017

USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel ...

CVE-2017-7308

USN-3256-1: Linux kernel vulnerability - 4th April 2017

Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service (system crash).

CVE-2017-7308

USN-3255-1: LightDM vulnerability - 4th April 2017

It was discovered that LightDM incorrectly handled home directory creation for guest users. A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges.

CVE-2017-7358

USN-3254-1: Django vulnerabilities - 4th April 2017

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used. A ...

CVE-2017-7233 CVE-2017-7234

USN-3253-1: Nagios vulnerabilities - 3rd April 2017

It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote ...

CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566

USN-3216-2: Firefox regression - 30th March 2017

USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, ...

LP: 1671079

USN-3242-2: Samba regression - 30th March 2017

USN-3242-1 fixed a vulnerability in Samba. The upstream fix introduced a regression when Samba is configured to disable following symbolic links. This update fixes the problem. Original advisory details: Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the ...

LP: 1675698

USN-3251-2: Linux kernel (HWE) vulnerability - 29th March 2017

USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data ...

CVE-2017-7184

USN-3249-1: Linux kernel vulnerability - 29th March 2017

It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges.

CVE-2017-7184

USN-3236-1: Oxide vulnerabilities - 29th March 2017

Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a ...

CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5033 CVE-2017-5035 CVE-2017-5037 CVE-2017-5040 CVE-2017-5041 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046

USN-3247-1: AppArmor vulnerability - 28th March 2017

Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior.

CVE-2017-6507

USN-3246-1: Eject vulnerability - 27th March 2017

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator.

CVE-2017-6964

USN-3245-1: GStreamer Good Plugins vulnerabilities - 27th March 2017

Hanno Böck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845

USN-3244-1: GStreamer Base Plugins vulnerabilities - 27th March 2017

Hanno Böck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844

USN-3233-1: Thunderbird vulnerabilities - 24th March 2017

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, cause a denial of service via application crash or hang, or execute arbitrary ...

CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410

USN-3242-1: Samba vulnerability - 23rd March 2017

Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

CVE-2017-2619

Showing page 1 of 6   Next >
Show: All