You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa italc

Sigurnosni nedostaci programskog paketa italc

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4587-1
October 20, 2020

italc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in iTALC.

Software Description:
– italc: didact tool which allows teachers to view and control computer labs

Details:

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn’t check malloc return values. A remote attacker could use these issues
to cause a denial of service or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow
vulnerabilities. A remote attacker could used these issues to cause a denial of
service or possibly execute arbitrary code. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap
out-of-bounds writes, an infinite loop, improper initializations, and null
pointer vulnerabilities. A remote attacker could used these issues to cause a
denial of service or possibly execute arbitrary code. (CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,
CVE-2019-15681)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
italc-client 1:2.0.2+dfsg1-4ubuntu0.1
italc-master 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore 1:2.0.2+dfsg1-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4587-1
CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749,
CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Package Information:
https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+QaBAACgkQbUp5kL3i
zGZqIA/6A3yrDme97yfM/QzgWnXNLaiblMwNBzL/BDXcc/txK33nMdFPRz30gce/
E5FLk6fL/QdZmMPtHm9ySWCQ8mo2AIywVIXTxkbhps8iihMQa/CD/fJ8NX5Q0lMF
Rg22g+Rt+shvo2Xk8/IBvvlDusBPvC224/68sCNtkbL3aAE76oFFXzcqA0wnxjQZ
hh06+7Hmus6w6Aa70ieXDbvNXSlJex0mHdNpQzDZVPDAltJC6BG+qvd5zAY3yLbz
q3UcGnwZp+E5WpSVCzOx+wgTsbvJ/v/pzBd7k/S6JwrKXbXzjDocxsqUJDB/dd/O
/tg+OvnH0dDobEJCcLC8r/ay+JvQVkE0SaeHPMmXni3Dx1O5floXqhFthSvSBVT5
WsLszpKmslLdggZIi6lUbQKgEhvjQuWGQd51DodksFmcpyNnpbwgd/babME0RNss
uWr9QjnZfRzZFiBxckbHu/HHpyOGsYT26Fku4MRiyAOv8KwcoNnt3uRkHWD1/Pwb
QtreI1CbwlmglM6T7Nn4pGbezw94h97D56WUaDndT9FD6kjhnlpUCbkWlL+h3jC5
l4zSk1ph02mtZi3Eem6bnvBkUgMEqfXMyrH9GdhTBk3ebicfeIN1JSRUfl+WanOy
w1PGTp8IomIKiNJIXyhpa3WetIe1SQh4zN1FLJQF3wcxqitdyDg=
=JiMD
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa flightgear

Otkriven je sigurnosni nedostatak u programskom paketu flightgear za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje proizvoljnu manipulaciju datotekama....

Close