UbuntuUpdates.org

Package "italc-master"

Name: italc-master

Description:

intelligent Teaching And Learning with Computers - master

Latest version: 1:2.0.2+dfsg1-4ubuntu0.1
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: italc
Homepage: http://italc.sourceforge.net/home.php

Links


Download "italc-master"


Other versions of "italc-master" in Xenial

Repository Area Version
base universe 1:2.0.2+dfsg1-4
security universe 1:2.0.2+dfsg1-4ubuntu0.1

Changelog

Version: 1:2.0.2+dfsg1-4ubuntu0.1 2020-10-08 15:06:21 UTC

  italc (1:2.0.2+dfsg1-4ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/libvncclient_CVE-2014-6051.patch: Fix integer overflow in
      MallocFrameBuffer().
    - CVE-2014-6051
  * SECURITY UPDATE: Memory leak
    - debian/patches/libvncclient_CVE-2014-6052.patch: Check for
      MallocFrameBuffer() return value.
    - debian/patches/libvncserver_CVE-2014-6053.patch: Check malloc() return
      value on client->server ClientCutText message.
    - debian/patches/libvncserver_CVE-2019-15681.patch: rfbserver: don't leak
      stack memory to the remote.
    - CVE-2014-6052
    - CVE-2014-6053
    - CVE-2019-15681
  * SECURITY UPDATE: Division by zero
    - debian/patches/libvncserver_CVE-2014-6054.patch: Do not accept a scaling
      factor of zero.
    - CVE-2014-6054
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/libvncserver_CVE-2014-6055.patch: Fix multiple
      stack-based buffer overflows in file transfer feature.
    - CVE-2014-6055
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/libvncclient_CVE-2016-9941.patch: Fix heap overflows in
      the various rectangle fill functions.
    - debian/patches/libvncclient_CVE-2016-9942.patch: Fix heap overflow in
      the ultra.c decoder.
    - CVE-2016-9941
    - CVE-2016-9942
  * SECURITY UPDATE: Input sanitization
    - debian/patches/libvncserver_CVE-2018-7225.patch: Impose a limit of 1 MB
      so that the value fits into all of the types.
    - CVE-2018-7225
  * SECURITY UPDATE: Heap out-of-bound write
    - debian/patches/libvnc_server+client_CVE-2018-15127-CVE-2018-20019.patch:
      fix three possible heap buffer overflows.
    - debian/patches/libvncclient_CVE-2018-20020.patch: heap out-of-bound
      write vulnerability inside structure in VNC client code that can result
      remote code execution.
    - debian/patches/libvncclient_CVE-2018-20748-1.patch: LibVNCClient: ignore
      server-sent cut text longer than 1MB.
    - debian/patches/libvncclient_CVE-2018-20748-2.patch: LibVNCClient: ignore
      server-sent reason strings longer than.
    - debian/patches/libvncclient_CVE-2018-20748-3.patch: LibVNCClient: fail
      on server-sent desktop name lengths longer.
    - debian/patches/libvncclient_CVE-2018-20748-4.patch: LibVNCClient: remove
      now-useless cast.
    - debian/patches/libvncserver_CVE-2018-20749.patch: Error out in
      rfbProcessFileTransferReadBuffer if length can.
    - debian/patches/libvncserver_CVE-2018-20750.patch: Limit length to
      INT_MAX bytes in rfbProcessFileTransferReadBuffer().
    - CVE-2018-15127
    - CVE-2018-20019
    - CVE-2018-20020
    - CVE-2018-20748
    - CVE-2018-20749
    - CVE-2018-20750
  * SECURITY UPDATE: Infinite loop
    - debian/patches/libvncclient_CVE-2018-20021.patch: Infinite loop
      vulnerability in VNC client code.
    - CVE-2018-20021
  * SECURITY UPDATE: Improper Initialization
    - debian/patches/libvncclient_CVE-2018-20022.patch: Improper Initialization
      vulnerability in VNC client code.
    - debian/patches/libvncclient_CVE-2018-20023.patch: Improper Initialization
      vulnerability in VNC Repeater client.
    - CVE-2018-20022
    - CVE-2018-20023
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/libvncclient_CVE-2018-20024.patch: null pointer
      dereference in VNC client code that can result DoS.
    - CVE-2018-20024

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 07 Oct 2020 13:56:51 +0000

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side
CVE-2014-6052 Lack of malloc() return value checking on client side
CVE-2014-6053 Server crash on a very large ClientCutText message
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st
CVE-2014-6054 Server crash when scaling factor is set to zero
CVE-2014-6055 Multiple stack overflows in File Transfer feature
CVE-2016-9941 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (applicatio
CVE-2016-9942 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application c
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a
CVE-2018-15127 LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extensio
CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can r
CVE-2018-20020 LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that
CVE-2018-20748 LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...
CVE-2018-20749 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20750 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20021 LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allow
CVE-2018-20022 LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code
CVE-2018-20023 LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allow
CVE-2018-20024 LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.



About   -   Send Feedback to @ubuntu_updates