USN-4547-1: iTALC vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4547-1
September 28, 2020
italc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in iTALC.
Software Description:
- italc: didact tool which allows teachers to view and control computer labs
Details:
It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-15681)
It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC
incorrectly handled certain packet lengths. A remote attacker could possibly
use this issue to obtain sensitive information, cause a denial of service, or
execute arbitrary code.
(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
italc-client 1:3.0.3+dfsg1-3ubuntu0.1
italc-master 1:3.0.3+dfsg1-3ubuntu0.1
libitalccore 1:3.0.3+dfsg1-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4547-1
CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,
CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,
CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681
Package Information:
https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1
An iTALC security update has been released for Ubuntu Linux 18.04 LTS.