USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-0255)
USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-1283)
Original advisory details:
Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests, resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255)
It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_version": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "binary_name": "vnc4server" }, { "binary_version": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "binary_name": "vnc4server-dbgsym" }, { "binary_version": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "binary_name": "xvnc4viewer" }, { "binary_version": "4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1", "binary_name": "xvnc4viewer-dbgsym" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "binary_name": "vnc4server" }, { "binary_version": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "binary_name": "vnc4server-dbgsym" }, { "binary_version": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "binary_name": "xvnc4viewer" }, { "binary_version": "4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1", "binary_name": "xvnc4viewer-dbgsym" } ] }