UbuntuUpdates.org

Package "libitalccore"

Name: libitalccore

Description:

intelligent Teaching And Learning with Computers - libraries

Latest version: 1:3.0.3+dfsg1-3ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: italc
Homepage: http://italc.sourceforge.net/home.php

Links


Download "libitalccore"


Other versions of "libitalccore" in Bionic

Repository Area Version
base universe 1:3.0.3+dfsg1-3
updates universe 1:3.0.3+dfsg1-3ubuntu0.1

Changelog

Version: 1:3.0.3+dfsg1-3ubuntu0.1 2020-09-28 15:06:58 UTC

  italc (1:3.0.3+dfsg1-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: merge security patches from debian for heap overflows
    - debian/patches/libvncserver_CVE-2018-7225.patch: Uninitialized and
      potentially sensitive data could be accessed by remote attackers because
      the msg.cct.length in rfbserver.c was not sanitized.
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      heap out-of-bound write vulnerability.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20021.patch: CWE-835: Infinite loop
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20022.patch: CWE-665: Improper
      Initialization vulnerability.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper
      Initialization vulnerability in VNC Repeater client code.
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference that can result DoS.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: ignore server-sent
      cut text longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: ignore server-sent
      reasong strings longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: fail on server-sent
      desktop name lengths longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: remove now-useless
      cast
    - debian/patches/libvncserver_CVE-2018-20749.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2018-20750.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2018-7225
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20021
    - CVE-2018-20022
    - CVE-2018-20023
    - CVE-2018-20024
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
    - CVE-2019-15681

 -- Mike Salvatore <email address hidden> Thu, 24 Sep 2020 11:19:00 -0400

CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a
CVE-2018-15127 LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extensio
CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can r
CVE-2018-20020 LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that
CVE-2018-20021 LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allow
CVE-2018-20022 LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code
CVE-2018-20023 LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allow
CVE-2018-20024 LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
CVE-2018-20748 LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...
CVE-2018-20749 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20750 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st



About   -   Send Feedback to @ubuntu_updates