UBUNTU-CVE-2019-15681

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-15681

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15681.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-15681

Related

Published

2019-10-29T19:15:00Z

Modified

2024-10-15T14:06:58Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

References

Affected packages

Ubuntu:Pro:14.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.9-6.5+deb8u1build0.14.04.1~esm1

Affected versions

1.*

1.3.9-6.4

1.3.9-6.4ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
            "binary_name": "tightvncserver"
        },
        {
            "binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
            "binary_name": "tightvncserver-dbgsym"
        },
        {
            "binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
            "binary_name": "xtightvncviewer"
        },
        {
            "binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
            "binary_name": "xtightvncviewer-dbgsym"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.13-1.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:16.04:LTS / italc

Package

Name: italc
Purl: pkg:deb/ubuntu/italc?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.0.2+dfsg1-4ubuntu0.1

Affected versions

1:2.*

1:2.0.2+dfsg1-3

1:2.0.2+dfsg1-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-client"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-client-dbg"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-client-dbgsym"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-management-console"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-management-console-dbg"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-management-console-dbgsym"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-master"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-master-dbg"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "italc-master-dbgsym"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "libitalccore"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "libitalccore-dbg"
        },
        {
            "binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
            "binary_name": "libitalccore-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/ubuntu/libvncserver?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.10+dfsg-3ubuntu0.16.04.4

Affected versions

0.*

0.9.10+dfsg-3

0.9.10+dfsg-3build1

0.9.10+dfsg-3ubuntu0.16.04.1

0.9.10+dfsg-3ubuntu0.16.04.2

0.9.10+dfsg-3ubuntu0.16.04.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncclient1"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncclient1-dbg"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncclient1-dbgsym"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver-config"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver-config-dbgsym"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver-dev"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver-dev-dbgsym"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver1"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver1-dbg"
        },
        {
            "binary_version": "0.9.10+dfsg-3ubuntu0.16.04.4",
            "binary_name": "libvncserver1-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / vino

Package

Name: vino
Purl: pkg:deb/ubuntu/vino?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.1-0ubuntu9.3

Affected versions

3.*

3.8.1-0ubuntu6

3.8.1-0ubuntu7

3.8.1-0ubuntu8

3.8.1-0ubuntu9

3.8.1-0ubuntu9.1

3.8.1-0ubuntu9.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.8.1-0ubuntu9.3",
            "binary_name": "vino"
        },
        {
            "binary_version": "3.8.1-0ubuntu9.3",
            "binary_name": "vino-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:15.*

4:15.08.2-0ubuntu1

4:15.12.1-1ubuntu1

4:15.12.3-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.10-0ubuntu2

1.3.10-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.13-1.2build1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / italc

Package

Name: italc
Purl: pkg:deb/ubuntu/italc?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.0.3+dfsg1-3ubuntu0.1

Affected versions

1:3.*

1:3.0.3+dfsg1-1

1:3.0.3+dfsg1-2

1:3.0.3+dfsg1-2build1

1:3.0.3+dfsg1-2ubuntu1

1:3.0.3+dfsg1-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-client"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-client-dbgsym"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-management-console"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-management-console-dbgsym"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-master"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "italc-master-dbgsym"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "libitalccore"
        },
        {
            "binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
            "binary_name": "libitalccore-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/ubuntu/libvncserver?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1ubuntu1.2

Affected versions

0.*

0.9.11+dfsg-1

0.9.11+dfsg-1ubuntu1

0.9.11+dfsg-1ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncclient1"
        },
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncclient1-dbg"
        },
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncserver-config"
        },
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncserver-dev"
        },
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncserver1"
        },
        {
            "binary_version": "0.9.11+dfsg-1ubuntu1.2",
            "binary_name": "libvncserver1-dbg"
        }
    ]
}

Ubuntu:18.04:LTS / vino

Package

Name: vino
Purl: pkg:deb/ubuntu/vino?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-3ubuntu1.1

Affected versions

3.*

3.8.1-0ubuntu12

3.22.0-2ubuntu1

3.22.0-3ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.22.0-3ubuntu1.1",
            "binary_name": "vino"
        },
        {
            "binary_version": "3.22.0-3ubuntu1.1",
            "binary_name": "vino-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:17.*

4:17.04.3-0ubuntu1

4:17.08.3-0ubuntu1

4:17.12.2-0ubuntu1

4:17.12.3-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.10-0ubuntu3

1.3.10-0ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.13-2

0.9.13-2build1

0.9.13-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:19.*

4:19.04.3-0ubuntu2

4:19.08.3-0ubuntu1

4:19.08.3-0ubuntu2

4:19.12.0-0ubuntu1

4:19.12.1-0ubuntu1

4:19.12.2-0ubuntu1

4:19.12.2-1

4:19.12.3-0ubuntu1

4:19.12.3-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/ubuntu/libvncserver?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12+dfsg-8

Affected versions

0.*

0.9.11+dfsg-1.3

0.9.12+dfsg-3ubuntu3

0.9.12+dfsg-6

0.9.12+dfsg-7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "0.9.12+dfsg-8",
            "binary_name": "libvncclient1"
        },
        {
            "binary_version": "0.9.12+dfsg-8",
            "binary_name": "libvncclient1-dbgsym"
        },
        {
            "binary_version": "0.9.12+dfsg-8",
            "binary_name": "libvncserver-dev"
        },
        {
            "binary_version": "0.9.12+dfsg-8",
            "binary_name": "libvncserver1"
        },
        {
            "binary_version": "0.9.12+dfsg-8",
            "binary_name": "libvncserver1-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.10-0ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / veyon

Package

Name: veyon
Purl: pkg:deb/ubuntu/veyon?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.4+repack1-2

4.2.5+repack1-1

4.3.1+repack1-1

4.3.1+repack1-2

4.3.1+repack1-2build1

4.3.1+repack1-2build2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / vino

Package

Name: vino
Purl: pkg:deb/ubuntu/vino?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-5ubuntu2.1

Affected versions

3.*

3.22.0-5ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.22.0-5ubuntu2.1",
            "binary_name": "vino"
        },
        {
            "binary_version": "3.22.0-5ubuntu2.1",
            "binary_name": "vino-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.13-6

0.9.16-3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:21.*

4:21.08.1-0ubuntu1

4:21.08.3-0ubuntu1

4:21.11.80-0ubuntu1

4:21.11.90-0ubuntu1

4:21.11.90-0ubuntu2

4:21.12.0-0ubuntu1

4:21.12.1-0ubuntu1

4:21.12.2-0ubuntu1

4:21.12.3-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.3.10-3

1:1.3.10-5

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / veyon

Package

Name: veyon
Purl: pkg:deb/ubuntu/veyon?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.3+repack1-1build1

4.5.3+repack1-1build2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.16-7

0.9.16-7build1

0.9.16-8

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:23.*

4:23.08.5-0ubuntu3

4:23.08.5-0ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.3.10-8

1:1.3.10-9

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / veyon

Package

Name: veyon
Purl: pkg:deb/ubuntu/veyon?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.7.5+repack1-1ubuntu5

4.7.5+repack1-1ubuntu6

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.16-10

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / krfb

Package

Name: krfb
Purl: pkg:deb/ubuntu/krfb?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:23.*

4:23.08.1-0ubuntu1

4:23.08.2-0ubuntu1

4:23.08.3-0ubuntu1

4:23.08.4-0ubuntu1

4:23.08.5-0ubuntu1

4:23.08.5-0ubuntu2

4:23.08.5-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/ubuntu/tightvnc?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.3.10-7

1:1.3.10-7build1

1:1.3.10-7build2

1:1.3.10-8

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / veyon

Package

Name: veyon
Purl: pkg:deb/ubuntu/veyon?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.7.5+repack1-1build2

4.7.5+repack1-1ubuntu1

4.7.5+repack1-1ubuntu3

4.7.5+repack1-1ubuntu4

4.7.5+repack1-1ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / x11vnc

Package

Name: x11vnc
Purl: pkg:deb/ubuntu/x11vnc?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.16-9

0.9.16-9ubuntu1

0.9.16-10

Ecosystem specific

{
    "ubuntu_priority": "low"
}