[ubuntu/xenial-updates] italc 1:2.0.2+dfsg1-4ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Oct 8 13:58:10 UTC 2020

italc (1:2.0.2+dfsg1-4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/libvncclient_CVE-2014-6051.patch: Fix integer overflow in
    - CVE-2014-6051
  * SECURITY UPDATE: Memory leak
    - debian/patches/libvncclient_CVE-2014-6052.patch: Check for
      MallocFrameBuffer() return value.
    - debian/patches/libvncserver_CVE-2014-6053.patch: Check malloc() return
      value on client->server ClientCutText message.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2014-6052
    - CVE-2014-6053
    - CVE-2019-15681
  * SECURITY UPDATE: Division by zero
    - debian/patches/libvncserver_CVE-2014-6054.patch: Do not accept a scaling
      factor of zero.
    - CVE-2014-6054
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/libvncserver_CVE-2014-6055.patch: Fix multiple
      stack-based buffer overflows in file transfer feature.
    - CVE-2014-6055
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/libvncclient_CVE-2016-9941.patch: Fix heap overflows in
      the various rectangle fill functions.
    - debian/patches/libvncclient_CVE-2016-9942.patch: Fix heap overflow in
      the ultra.c decoder.
    - CVE-2016-9941
    - CVE-2016-9942
  * SECURITY UPDATE: Input sanitization
    - debian/patches/libvncserver_CVE-2018-7225.patch: Impose a limit of 1 MB
      so that the value fits into all of the types.
    - CVE-2018-7225
  * SECURITY UPDATE: Heap out-of-bound write
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      fix three possible heap buffer overflows.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code that can result
      remote code execution.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: LibVNCClient: ignore
      server-sent cut text longer than 1MB.
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: LibVNCClient: ignore
      server-sent reason strings longer than.
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: LibVNCClient: fail
      on server-sent desktop name lengths longer.
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: LibVNCClient: remove
      now-useless cast.
    - debian/patches/libvncserver_CVE-2018-20749.patch: Error out in
      rfbProcessFileTransferReadBuffer if length can.
    - debian/patches/libvncserver_CVE-2018-20750.patch: Limit length to
      INT_MAX bytes in rfbProcessFileTransferReadBuffer().
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
  * SECURITY UPDATE: Infinite loop
    - debian/patches/libvncclient_CVE-2018-20021.patch: Infinite loop
      vulnerability in VNC client code.
    - CVE-2018-20021
  * SECURITY UPDATE: Improper Initialization
    - debian/patches/libvncclient_CVE-2018-20022.patch: Improper Initialization
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper Initialization
      vulnerability in VNC Repeater client.
    - CVE-2018-20022
    - CVE-2018-20023
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference in VNC client code that can result DoS.
    - CVE-2018-20024

Date: 2020-10-07 20:09:13.261726+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list