[ubuntu/bionic-updates] italc 1:3.0.3+dfsg1-3ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Sep 28 14:28:06 UTC 2020
italc (1:3.0.3+dfsg1-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: merge security patches from debian for heap overflows
    - debian/patches/libvncserver_CVE-2018-7225.patch: Uninitialized and
      potentially sensitive data could be accessed by remote attackers because
      the msg.cct.length in rfbserver.c was not sanitized.
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      heap out-of-bound write vulnerability.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20021.patch: CWE-835: Infinite loop
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20022.patch: CWE-665: Improper
      Initialization vulnerability.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper
      Initialization vulnerability in VNC Repeater client code.
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference that can result in DoS.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: ignore server-sent
      cut text longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: ignore server-sent
      reason strings longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: fail on server-sent
      desktop name lengths longer than 1MB
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: remove now-useless
      cast
    - debian/patches/libvncserver_CVE-2018-20749.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2018-20750.patch: incomplete fix for
      CVE-2018-15127 oob heap writes.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2018-7225
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20021
    - CVE-2018-20022
    - CVE-2018-20023
    - CVE-2018-20024
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
    - CVE-2019-15681

Date: 2020-09-24 20:07:13.730073+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1