--===============7354062021137395496==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="sm6hxamo4fjpujpi"
Content-Disposition: inline


--sm6hxamo4fjpujpi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4587-1
October 20, 2020

italc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in iTALC.

Software Description:
- italc: didact tool which allows teachers to view and control computer labs

Details:

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these
 issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could used these issues to cause a
denial of service or possibly execute arbitrary code. (CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,
CVE-2019-15681)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  italc-client                    1:2.0.2+dfsg1-4ubuntu0.1
  italc-master                    1:2.0.2+dfsg1-4ubuntu0.1
  libitalccore                    1:2.0.2+dfsg1-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4587-1
  CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
  CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127,
  CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
  CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749,
  CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Package Information:
  https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

--sm6hxamo4fjpujpi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+QaBAACgkQbUp5kL3i
zGZqIA/6A3yrDme97yfM/QzgWnXNLaiblMwNBzL/BDXcc/txK33nMdFPRz30gce/
E5FLk6fL/QdZmMPtHm9ySWCQ8mo2AIywVIXTxkbhps8iihMQa/CD/fJ8NX5Q0lMF
Rg22g+Rt+shvo2Xk8/IBvvlDusBPvC224/68sCNtkbL3aAE76oFFXzcqA0wnxjQZ
hh06+7Hmus6w6Aa70ieXDbvNXSlJex0mHdNpQzDZVPDAltJC6BG+qvd5zAY3yLbz
q3UcGnwZp+E5WpSVCzOx+wgTsbvJ/v/pzBd7k/S6JwrKXbXzjDocxsqUJDB/dd/O
/tg+OvnH0dDobEJCcLC8r/ay+JvQVkE0SaeHPMmXni3Dx1O5floXqhFthSvSBVT5
WsLszpKmslLdggZIi6lUbQKgEhvjQuWGQd51DodksFmcpyNnpbwgd/babME0RNss
uWr9QjnZfRzZFiBxckbHu/HHpyOGsYT26Fku4MRiyAOv8KwcoNnt3uRkHWD1/Pwb
QtreI1CbwlmglM6T7Nn4pGbezw94h97D56WUaDndT9FD6kjhnlpUCbkWlL+h3jC5
l4zSk1ph02mtZi3Eem6bnvBkUgMEqfXMyrH9GdhTBk3ebicfeIN1JSRUfl+WanOy
w1PGTp8IomIKiNJIXyhpa3WetIe1SQh4zN1FLJQF3wcxqitdyDg=
=JiMD
-----END PGP SIGNATURE-----

--sm6hxamo4fjpujpi--


--===============7354062021137395496==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce