==========================================================================
Ubuntu Security Notice USN-4547-1
September 28, 2020

italc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in iTALC.

Software Description:
– italc: didact tool which allows teachers to view and control computer labs

Details:

It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-15681)

It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC
incorrectly handled certain packet lengths. A remote attacker could possibly
use this issue to obtain sensitive information, cause a denial of service, or
execute arbitrary code.
(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
italc-client 1:3.0.3+dfsg1-3ubuntu0.1
italc-master 1:3.0.3+dfsg1-3ubuntu0.1
libitalccore 1:3.0.3+dfsg1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4547-1
CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,
CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,
CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Package Information:
https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1

—