{"id":"USN-4772-1","summary":"vnc4 vulnerabilities","details":"\nUSN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides\nthe corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2015-0255)\n\nUSN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the\ncorresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2015-1283)\n\nOriginal advisory details:\n\n Olivier Fourdan discovered that the X.Org X server incorrectly handled\n XkbSetGeometry requests resulting in an information leak. An attacker able\n to connect to an X server, either locally or remotely, could use this issue\n to possibly obtain sensitive information. (CVE-2015-0255)\n\n It was discovered that Expat incorrectly handled malformed XML data. If a\n user or application linked against Expat were tricked into opening a\n crafted XML file, an attacker could cause a denial of service, or possibly\n execute arbitrary code. (CVE-2015-1283)\n","modified":"2026-02-10T04:42:05Z","published":"2021-03-15T20:16:26Z","related":["UBUNTU-CVE-2015-0255","UBUNTU-CVE-2015-1283"],"upstream":["CVE-2015-0255","CVE-2015-1283","UBUNTU-CVE-2015-0255","UBUNTU-CVE-2015-1283"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4772-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0255"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1283"}],"affected":[{"package":{"name":"vnc4","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/vnc4@4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1"}]}],"versions":["4.1.1+xorg4.3.0-37ubuntu5","4.1.1+xorg4.3.0-37ubuntu5.0.1","4.1.1+xorg4.3.0-37ubuntu5.0.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1","binary_name":"vnc4server"},{"binary_version":"4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1","binary_name":"xvnc4viewer"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0255"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1283"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4772-1.json"}},{"package":{"name":"vnc4","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/vnc4@4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1"}]}],"versions":["4.1.1+xorg4.3.0-37.3ubuntu2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1","binary_name":"vnc4server"},{"binary_version":"4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1","binary_name":"xvnc4viewer"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0255"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1283"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4772-1.json"}}],"schema_version":"1.7.3"}