Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
e4c50aa2b1573b7262150b8b4b002ebcb5cceb0ae668df08c6e6bc1f95f45750==========================================================================
Ubuntu Security Notice USN-4547-1
September 28, 2020
italc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in iTALC.
Software Description:
- italc: didact tool which allows teachers to view and control computer labs
Details:
It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-15681)
It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC
incorrectly handled certain packet lengths. A remote attacker could possibly
use this issue to obtain sensitive information, cause a denial of service, or
execute arbitrary code.
(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
italc-client 1:3.0.3+dfsg1-3ubuntu0.1
italc-master 1:3.0.3+dfsg1-3ubuntu0.1
libitalccore 1:3.0.3+dfsg1-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4547-1
CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,
CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,
CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681
Package Information:
https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed