[ubuntu/bionic-security] italc 1:3.0.3+dfsg1-3ubuntu0.1 (Accepted)

Mike Salvatore mike.salvatore at canonical.com
Mon Sep 28 13:44:36 UTC 2020

italc (1:3.0.3+dfsg1-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: merge security patches from debian for heap overflows 
    - debian/patches/libvncserver_CVE-2018-7225.patch: Uninitialized and
      potentially sensitive data could be accessed by remote attackers because
      the msg.cct.length in rfbserver.c was not sanitized.
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      heap out-of-bound write vulnerability.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20021.patch: CWE-835: Infinite loop
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20022.patch: CWE-665: Improper
      Initialization vulnerability.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper
      Initialization vulnerability in VNC Repeater client code.
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference that can result in DoS.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: ignore server-sent
      cut text longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: ignore server-sent
      reason strings longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: fail on server-sent
      desktop name lengths longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: remove now-useless
    - debian/patches/libvncserver_CVE-2018-20749.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2018-20750.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2018-7225
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20021
    - CVE-2018-20022
    - CVE-2018-20023
    - CVE-2018-20024
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
    - CVE-2019-15681

Date: 2020-09-24 20:07:13.730073+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>