
These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.


Latest notices

USN-4109-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. (CVE-2017-17480) It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service….

21 August 2019 | ubuntu-18.04-lts

USN-4108-1: Zstandard vulnerability

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

21 August 2019 | ubuntu-18.04-lts

USN-4107-1: GIFLIB vulnerabilities

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2016-3977) It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of…

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4106-1: NLTK vulnerability

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem.

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4105-1: CUPS vulnerabilities

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675) It was discovered that CUPS did not properly handle client disconnection events. A local attacker…

20 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4104-1: Nova vulnerability

Donny Davis discovered that the Nova Compute service could return configuration or other information in response to a failed API request in some situations. A remote attacker could use this to expose sensitive information.

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4103-2: Docker vulnerability

Jasiel Spelman discovered that a double free existed in the docker-credential-helpers dependency of Docker. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. Original advisory details: Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker…

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts

USN-4103-1: docker-credential-helpers vulnerability

Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code.

19 August 2019 | ubuntu-19.04

USN-4078-2: OpenLDAP vulnerabilities

USN-4078-1 fixed several vulnerabilities in openldap. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another…

19 August 2019 | ubuntu-14.04-esm, ubuntu-12.04-esm

USN-4102-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. (CVE-2019-9850, CVE-2019-9851) It was discovered that LibreOffice incorrectly handled embedded scripts in document files. If a user were…

19 August 2019 | ubuntu-19.04, ubuntu-18.04-lts, ubuntu-16.04-lts