Ubuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
852e2ad5f87cab236b79c9a3c921691e530d13ce804213bb2268c40edc71dc2c
Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
d1c1dec0425b1351154dbc2e5d1e29f09c8665e1b8c90126af657be592658be8
Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
e4c50aa2b1573b7262150b8b4b002ebcb5cceb0ae668df08c6e6bc1f95f45750
Ubuntu Security Notice 4407-1 - It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. Various other issues were also addressed.
381823d3f578d2ce7c04ed4ac635ad995451cdf2fecebc4a75523f9889132a63