Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in iTALC
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in iTALC
ID: USN-4587-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Mi, 21. Oktober 2020, 22:56
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942
Applikationen: iTALC

Originalnachricht


--===============7354062021137395496==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="sm6hxamo4fjpujpi"
Content-Disposition: inline


--sm6hxamo4fjpujpi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4587-1
October 20, 2020

italc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in iTALC.

Software Description:
- italc: didact tool which allows teachers to view and control computer labs

Details:

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. A remote attacker could use these
issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could used these issues to cause a
denial of service or possibly execute arbitrary code. (CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,
CVE-2019-15681)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
italc-client 1:2.0.2+dfsg1-4ubuntu0.1
italc-master 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore 1:2.0.2+dfsg1-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4587-1
CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749,
CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Package Information:
https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

--sm6hxamo4fjpujpi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+QaBAACgkQbUp5kL3i
zGZqIA/6A3yrDme97yfM/QzgWnXNLaiblMwNBzL/BDXcc/txK33nMdFPRz30gce/
E5FLk6fL/QdZmMPtHm9ySWCQ8mo2AIywVIXTxkbhps8iihMQa/CD/fJ8NX5Q0lMF
Rg22g+Rt+shvo2Xk8/IBvvlDusBPvC224/68sCNtkbL3aAE76oFFXzcqA0wnxjQZ
hh06+7Hmus6w6Aa70ieXDbvNXSlJex0mHdNpQzDZVPDAltJC6BG+qvd5zAY3yLbz
q3UcGnwZp+E5WpSVCzOx+wgTsbvJ/v/pzBd7k/S6JwrKXbXzjDocxsqUJDB/dd/O
/tg+OvnH0dDobEJCcLC8r/ay+JvQVkE0SaeHPMmXni3Dx1O5floXqhFthSvSBVT5
WsLszpKmslLdggZIi6lUbQKgEhvjQuWGQd51DodksFmcpyNnpbwgd/babME0RNss
uWr9QjnZfRzZFiBxckbHu/HHpyOGsYT26Fku4MRiyAOv8KwcoNnt3uRkHWD1/Pwb
QtreI1CbwlmglM6T7Nn4pGbezw94h97D56WUaDndT9FD6kjhnlpUCbkWlL+h3jC5
l4zSk1ph02mtZi3Eem6bnvBkUgMEqfXMyrH9GdhTBk3ebicfeIN1JSRUfl+WanOy
w1PGTp8IomIKiNJIXyhpa3WetIe1SQh4zN1FLJQF3wcxqitdyDg=
=JiMD
-----END PGP SIGNATURE-----

--sm6hxamo4fjpujpi--


--===============7354062021137395496==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung