USN-4155-1: Aspell vulnerability
It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information...
USN-4154-1: Sudo vulnerability
Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user...
USN-4151-2: Python vulnerabilities
USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to tric...
USN-4153-1: Octavia vulnerability
Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information...
USN-4152-1: libsoup vulnerability
It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...
USN-4151-1: Python vulnerabilities
It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly...
USN-4150-1: Thunderbird vulnerabilities
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain...
USN-4122-2: Firefox regression
USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered i...
USN-4149-1: Unbound vulnerability
It was discovered that Unbound incorrectly handled certain NOTIFY queries. An attacker could possibly use this issue to cause a denial of service...
USN-4148-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12596)...
USN-4147-1: Linux kernel vulnerabilities
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART...
USN-4146-2: ClamAV vulnerabilities
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause...
USN-4146-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-12625) It was discovered that ClamAV incorrectly handled unpacking bzip2 files. A remote attacker could use th...
USN-4145-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket optio...
USN-4144-1: Linux kernel vulnerabilities
It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) Benjamin Moody discovered that the XFS file system...
USN-4143-1: SDL 2.0 vulnerabilities
It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. (CVE-2017-2888) It was discovered that SDL 2.0 mishandled crafted image files. If...
USN-4142-2: e2fsprogs vulnerability
USN-4142-1 fixed a vulnerability in e2fsprogs. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute...
USN-4142-1: e2fsprogs vulnerability
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code...
USN-4141-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain string operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4140-1: Firefox vulnerability
It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users...
USN-4139-1: File Roller vulnerability
It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction...
USN-4138-1: LibreOffice vulnerability
It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary code...
USN-4137-1: Mosquitto vulnerability
It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...
USN-4134-2: IBus regression
USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls o...
USN-4128-2: Tomcat vulnerabilities
It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing...
USN-4136-2: wpa_supplicant and hostapd vulnerability
USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to...
USN-4136-1: wpa_supplicant and hostapd vulnerability
It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service...
USN-4135-2: Linux kernel vulnerabilities
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the...
USN-4135-1: Linux kernel vulnerabilities
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the...
USN-4113-2: Apache HTTP Server regression
USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...
USN-4124-2: Exim vulnerability
USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4134-1: IBus vulnerability
Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...
USN-4133-1: Wireshark vulnerabilities
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file...
USN-4129-2: curl vulnerability
USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resultin...
USN-4132-2: Expat vulnerability
USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive...
USN-4132-1: Expat vulnerability
It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...
USN-4131-1: VLC vulnerabilities
It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4130-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4129-1: curl vulnerabilities
Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. (CVE-2019-5481) Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker...
USN-4115-2: Linux kernel regression
USN-4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for...
USN-4120-2: systemd regression
USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the systemd-resolved D-Bus...
USN-4128-1: Tomcat vulnerabilities
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing...
USN-4127-2: Python vulnerabilities
USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...
USN-4126-2: FreeType vulnerabilities
USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. CVE-2015-9381,...
USN-4127-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated t...
USN-4126-1: FreeType vulnerability
It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information...
USN-4125-1: Memcached vulnerability
It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information...
USN-4124-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-4123-1: npm/fstream vulnerability
It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4122-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site...