USN-4772-1: VNC4 vulnerabilities
15 March 2021
Several security issues were fixed in VNC4.
Releases
Packages
- vnc4 - Virtual network computing
Details
USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides
the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-0255)
USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the
corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-1283)
Original advisory details:
Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2015-1283)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
Ubuntu 14.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-2500-1: xorg-server-lts-trusty, xserver-xorg-dev-lts-utopic, xorg-server-source, xserver-xorg-core-lts-utopic, xorg-server-lts-utopic, xserver-xorg-core-lts-trusty, xserver-xorg-dev, xdmx, xserver-xephyr-lts-utopic, xvfb, xserver-xorg-core, xorg-server-source-lts-utopic, xorg-server, xserver-xorg-core-udeb, xserver-xephyr, xnest, xserver-common, xdmx-tools, xserver-xorg-xmir, xwayland-lts-utopic
- USN-3013-1: libxmlrpc-core-c3, libxmlrpc-c++4, xmlrpc-c
- USN-2726-1: libexpat1, lib64expat1, lib64expat1-dev, libexpat1-dev, libexpat1-udeb, expat
- USN-2677-1: oxideqmlscene, oxideqt-codecs-extra, liboxideqtcore0, oxideqt-chromedriver, liboxideqt-qmlplugin, liboxideqtquick0, oxideqt-codecs, oxide-qt
- USN-5455-1: libxmltok, libxmltok1-dev, libxmltok1