Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 18.04 LTS: USN-4547-1 Critical: iTALC Multiple Issues

ubuntu
Calendar Grey September 28, 2020
Dist Ubuntu Esm H88
A series of security flaws in iTALC have been addressed through this patch for Ubuntu 18.04 LTS, enhancing overall reliability.
Several security issues were fixed in iTALC.

Summary

Several security issues were fixed in iTALC.

Software Description:

- italc: didact tool which allows teachers to view and control computer labs

Details:

It was discovered that an information disclosure vulnerability existed in the

LibVNCServer vendored in iTALC when sending a ServerCutText message. An

attacker could possibly use this issue to expose sensitive information.

(CVE-2019-15681)

It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC

incorrectly handled certain packet lengths. A remote attacker could possibly

use this issue to obtain sensitive information, cause a denial of service, or

execute arbitrary code.

(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,

CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,

CVE-2018-7225, CVE-2019-15681)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  italc-client                    1:3.0.3+dfsg1-3ubuntu0.1
  italc-master                    1:3.0.3+dfsg1-3ubuntu0.1
  libitalccore                    1:3.0.3+dfsg1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4547-1

CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,

CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,

CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2020

Package Information

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here