UbuntuUpdates.org

Package "italc-master"

Name: italc-master

Description: intelligent Teaching And Learning with Computers - master

Latest version: 1:2.0.2+dfsg1-4ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Head package: italc
Homepage: http://italc.sourceforge.net/home.php

Other versions of "italc-master" in Xenial

Repository  Area      Version
base        universe  1:2.0.2+dfsg1-4
updates     universe  1:2.0.2+dfsg1-4ubuntu0.1

Changelog

Version: 1:2.0.2+dfsg1-4ubuntu0.1 2020-10-08 14:06:16 UTC

  italc (1:2.0.2+dfsg1-4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/libvncclient_CVE-2014-6051.patch: Fix integer overflow in
      MallocFrameBuffer().
    - CVE-2014-6051
  * SECURITY UPDATE: Memory leak
    - debian/patches/libvncclient_CVE-2014-6052.patch: Check for
      MallocFrameBuffer() return value.
    - debian/patches/libvncserver_CVE-2014-6053.patch: Check malloc() return
      value on client->server ClientCutText message.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2014-6052
    - CVE-2014-6053
    - CVE-2019-15681
  * SECURITY UPDATE: Division by zero
    - debian/patches/libvncserver_CVE-2014-6054.patch: Do not accept a scaling
      factor of zero.
    - CVE-2014-6054
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/libvncserver_CVE-2014-6055.patch: Fix multiple
      stack-based buffer overflows in file transfer feature.
    - CVE-2014-6055
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/libvncclient_CVE-2016-9941.patch: Fix heap overflows in
      the various rectangle fill functions.
    - debian/patches/libvncclient_CVE-2016-9942.patch: Fix heap overflow in
      the ultra.c decoder.
    - CVE-2016-9941
    - CVE-2016-9942
  * SECURITY UPDATE: Input sanitization
    - debian/patches/libvncserver_CVE-2018-7225.patch: Impose a limit of 1 MB
      so that the value fits into all of the types.
    - CVE-2018-7225
  * SECURITY UPDATE: Heap out-of-bound write
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      fix three possible heap buffer overflows.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code that can result
      remote code execution.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: LibVNCClient: ignore
      server-sent cut text longer than 1MB.
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: LibVNCClient: ignore
      server-sent reason strings longer than.
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: LibVNCClient: fail
      on server-sent desktop name lengths longer.
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: LibVNCClient: remove
      now-useless cast.
    - debian/patches/libvncserver_CVE-2018-20749.patch: Error out in
      rfbProcessFileTransferReadBuffer if length can.
    - debian/patches/libvncserver_CVE-2018-20750.patch: Limit length to
      INT_MAX bytes in rfbProcessFileTransferReadBuffer().
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
  * SECURITY UPDATE: Infinite loop
    - debian/patches/libvncclient_CVE-2018-20021.patch: Infinite loop
      vulnerability in VNC client code.
    - CVE-2018-20021
  * SECURITY UPDATE: Improper Initialization
    - debian/patches/libvncclient_CVE-2018-20022.patch: Improper Initialization
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper Initialization
      vulnerability in VNC Repeater client.
    - CVE-2018-20022
    - CVE-2018-20023
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference in VNC client code that can result DoS.
    - CVE-2018-20024

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 07 Oct 2020 13:56:51 +0000

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side
CVE-2014-6052 Lack of malloc() return value checking on client side
CVE-2014-6053 Server crash on a very large ClientCutText message
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st
CVE-2014-6054 Server crash when scaling factor is set to zero
CVE-2014-6055 Multiple stack overflows in File Transfer feature
CVE-2016-9941 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (applicatio
CVE-2016-9942 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application c
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a
CVE-2018-15127 LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extensio
CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can r
CVE-2018-20020 LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that
CVE-2018-20748 LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...
CVE-2018-20749 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20750 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20021 LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allow
CVE-2018-20022 LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code
CVE-2018-20023 LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allow
CVE-2018-20024 LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.


