USN-4772-1: VNC4 vulnerabilities
15 March 2021
Several security issues were fixed in VNC4.
Releases
Packages
- vnc4 - Virtual network computing
Details
USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides
the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-0255)
USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the
corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-1283)
Original advisory details:
Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2015-1283)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
Ubuntu 14.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-2500-1: xserver-xorg-core, xserver-xorg-core-lts-utopic, xorg-server, xserver-common, xdmx, xserver-xorg-dev, xwayland-lts-utopic, xserver-xephyr, xorg-server-source, xorg-server-source-lts-utopic, xnest, xserver-xorg-dev-lts-utopic, xserver-xorg-xmir, xdmx-tools, xserver-xorg-core-lts-trusty, xvfb, xorg-server-lts-trusty, xserver-xephyr-lts-utopic, xorg-server-lts-utopic, xserver-xorg-core-udeb
- USN-3013-1: libxmlrpc-c++4, xmlrpc-c, libxmlrpc-core-c3
- USN-2726-1: libexpat1, expat, libexpat1-dev, lib64expat1, libexpat1-udeb, lib64expat1-dev
- USN-2677-1: oxideqt-chromedriver, oxideqt-codecs-extra, oxideqt-codecs, liboxideqt-qmlplugin, oxideqmlscene, liboxideqtquick0, oxide-qt, liboxideqtcore0
- USN-5455-1: libxmltok1-dev, libxmltok, libxmltok1