USN-4047-1: libvirt vulnerabilities
Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile...
USN-4046-1: Irssi vulnerabilities
It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-7054 It was discovered that Irssi incorrectly handled certain requests. An...
USN-4038-4: bzip2 regression
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. We apologize for the inconvenience. Original advisory details: It was...
USN-4038-3: bzip2 regression
USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrectly raise CRC errors for some files. We apologize for the inconvenience. Original advisory details: It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use...
USN-4045-1: Thunderbird vulnerabilities
A type confusion bug was discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbitrary code. CVE-2019-11707 It was discovered that a sandboxed child process...
USN-4044-1: ZNC vulnerability
Fix vulnerability where an authenticated non-admin user could load a module with a crafted name, then escalate privileges and run arbitrary code...
USN-4043-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. CVE-2019-12308 Gavin Wahl discovered that Django incorrectly handled HTTP detection when...
USN-4041-2: Linux kernel (HWE) update
USN-4041-1 provided updates for the Linux kernel in Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM. USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately, the update introduced a regression that interfered with networking application...
USN-4041-1: Linux kernel update
USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that set up very low SO_SNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that t...
USN-4042-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code...
USN-4039-1: CImg vulnerabilities
It was discovered that allocation failures could occur in CImg when loading crafted bmp images. An attacker could possibly use this issue to cause a denial of service. CVE-2018-7587 It was discovered that a heap-based buffer over-read existed in CImg when loading crafted bmp images. An attacker...
USN-4040-2: Expat vulnerability
USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service...
USN-4040-1: Expat vulnerability
It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service...
USN-4038-2: bzip2 vulnerabilities
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a deni...
USN-4038-1: bzip2 vulnerabilities
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2016-3189 It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use...
USN-4037-1: policykit-desktop-privileges update
The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication...
USN-4036-1: OpenStack Neutron vulnerability
Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances...
USN-4035-1: Ceph vulnerabilities
It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. CVE-2018-14662 It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices...
USN-4034-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...
USN-4033-1: libmysofa vulnerability
It was discovered that a libmysofa component does not properly validate multiplications and additions, and may crash with some specific input...
USN-4032-1: Firefox vulnerability
It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code...
USN-4031-1: Linux kernel vulnerability
It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power ppc64el systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system...
USN-4030-1: web2py vulnerabilities
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. CVE-2016-10321 It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could...
USN-3977-3: Intel Microcode update
USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family. Ke Sun,...
USN-4028-1: Thunderbird vulnerabilities
Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code...
USN-4027-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases...
USN-4023-1: Mosquitto vulnerabilities
It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...
USN-4026-1: Bind vulnerability
It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
USN-4024-1: Evince update
As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on...
USN-4022-1: Gunicorn vulnerability
It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue to execute a cross-site scripting (XSS) attack...
USN-4019-2: SQLite vulnerabilities
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary cod...
USN-4020-1: Firefox vulnerability
A type confusion bug was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code...
USN-4021-1: libvirt vulnerabilities
Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. CVE-2019-10132 It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to...
USN-4019-1: SQLite vulnerabilities
It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2017-2518, CVE-2017-2520 It was discovered that SQLite incorrectly handled certain...
USN-4018-1: Samba vulnerabilities
It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2019-12435 It was discovered that Samba incorrectly handled LDAP paged searches. A remote attacker could possibly u...
USN-4017-1: Linux kernel vulnerabilities
Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. CVE-2019-11478 Jonathan Looney discovered that an...
USN-4017-2: Linux kernel vulnerabilities
USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when...
USN-3991-3: Firefox regression
USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original...
USN-4015-2: DBus vulnerability
USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass...
USN-4016-2: Neovim vulnerability
It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-12735...
USN-4016-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-5953 It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to...
USN-4015-1: DBus vulnerability
Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges...
USN-4014-2: GLib vulnerability
USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information...
USN-4014-1: GLib vulnerability
It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information...
USN-4013-1: libsndfile vulnerabilities
It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4012-1: elfutils vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service...
USN-4008-3: Linux kernel (Xenial HWE) vulnerabilities
USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Święcki discovered that the Linux kernel did not properly apply Address Space...
USN-3991-2: Firefox regression
USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user...
USN-4011-2: Jinja2 vulnerabilities
USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbo...
USN-4011-1: Jinja2 vulnerabilities
Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. CVE-2016-10745 Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this...