italc vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 18.04 LTS

Summary

Several security issues were fixed in iTALC.

Software Description

* italc - didact tool which allows teachers to view and control
computer labs

Details

It was discovered that an information disclosure vulnerability
existed in the LibVNCServer vendored in iTALC when sending a
ServerCutText message. An attacker could possibly use this issue
to expose sensitive information. (CVE-2019-15681)

It was discovered that the LibVNCServer and LibVNCClient vendored
in iTALC incorrectly handled certain packet lengths. A remote
attacker could possibly use this issue to obtain sensitive
information, cause a denial of service, or execute arbitrary code.
(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,
CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,
CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681)

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 18.04 LTS
italc-client - 1:3.0.3+dfsg1-3ubuntu0.1
italc-master - 1:3.0.3+dfsg1-3ubuntu0.1
libitalccore - 1:3.0.3+dfsg1-3ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.

References

* CVE-2018-15127
* CVE-2018-20019
* CVE-2018-20020
* CVE-2018-20021
* CVE-2018-20022
* CVE-2018-20023
* CVE-2018-20024
* CVE-2018-20748
* CVE-2018-20749
* CVE-2018-20750
* CVE-2018-7225
* CVE-2019-15681

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

italc vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 16.04 LTS

Summary

Several security issues were fixed in iTALC.

Software Description

* italc - didact tool which allows teachers to view and control
computer labs

Details

Nicolas Ruff discovered that iTALC had buffer overflows,
divide-by-zero errors and didn't check malloc return values. A
remote attacker could use these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2014-6051,
CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer
overflow vulnerabilities. A remote attacker could used these
issues to cause a denial of service or possibly execute arbitrary
code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple
heap out-of-bounds writes, an infinite loop, improper
initializations, and null pointer vulnerabilities. A remote
attacker could used these issues to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-15127, CVE-2018-20019,
CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 16.04 LTS
italc-client - 1:2.0.2+dfsg1-4ubuntu0.1
italc-master - 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore - 1:2.0.2+dfsg1-4ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.

References

* CVE-2014-6051
* CVE-2014-6052
* CVE-2014-6053
* CVE-2014-6054
* CVE-2014-6055
* CVE-2016-9941
* CVE-2016-9942
* CVE-2018-15127
* CVE-2018-20019
* CVE-2018-20020
* CVE-2018-20021
* CVE-2018-20022
* CVE-2018-20023
* CVE-2018-20024
* CVE-2018-20748
* CVE-2018-20749
* CVE-2018-20750
* CVE-2018-7225
* CVE-2019-15681

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)