========================================================================== Ubuntu Security Notice USN-4547-1 September 28, 2020 italc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: italc-client 1:3.0.3+dfsg1-3ubuntu0.1 italc-master 1:3.0.3+dfsg1-3ubuntu0.1 libitalccore 1:3.0.3+dfsg1-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4547-1 CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce