USN-4772-1: VNC4 vulnerabilities
15 March 2021
Several security issues were fixed in VNC4.
Releases
Packages
- vnc4 - Virtual network computing
Details
USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides
the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-0255)
USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the
corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2015-1283)
Original advisory details:
Olivier Fourdan discovered that the X.Org X server incorrectly handled
XkbSetGeometry requests resulting in an information leak. An attacker able
to connect to an X server, either locally or remotely, could use this issue
to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2015-1283)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 (Available with Ubuntu Pro)
Ubuntu 14.04
- xvnc4viewer - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
- vnc4server - 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.