Security update for liblouis SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2639-1 Final 1 1 2017-10-03T16:18:57Z current 2017-10-03T16:18:57Z 2017-10-03T16:18:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for liblouis This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html E-Mail link for openSUSE-SU-2017:2639-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 liblouis-2.6.4-6.1 liblouis-data-2.6.4-6.1 liblouis-devel-2.6.4-6.1 liblouis-doc-2.6.4-6.1 liblouis-tools-2.6.4-6.1 liblouis9-2.6.4-6.1 python-louis-2.6.4-6.1 liblouis-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis-data-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis-devel-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis-doc-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis-tools-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis9-2.6.4-6.1 as a component of openSUSE Leap 42.2 python-louis-2.6.4-6.1 as a component of openSUSE Leap 42.2 liblouis-2.6.4-6.1 as a component of openSUSE Leap 42.3 liblouis-data-2.6.4-6.1 as a component of openSUSE Leap 42.3 liblouis-devel-2.6.4-6.1 as a component of openSUSE Leap 42.3 liblouis-doc-2.6.4-6.1 as a component of openSUSE Leap 42.3 liblouis-tools-2.6.4-6.1 as a component of openSUSE Leap 42.3 liblouis9-2.6.4-6.1 as a component of openSUSE Leap 42.3 python-louis-2.6.4-6.1 as a component of openSUSE Leap 42.3 There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. CVE-2017-13738 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13738.html CVE-2017-13738 https://bugzilla.suse.com/1056105 SUSE Bug 1056105 There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. CVE-2017-13739 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13739.html CVE-2017-13739 https://bugzilla.suse.com/1056101 SUSE Bug 1056101 There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. CVE-2017-13740 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13740.html CVE-2017-13740 https://bugzilla.suse.com/1056097 SUSE Bug 1056097 There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. CVE-2017-13741 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13741.html CVE-2017-13741 https://bugzilla.suse.com/1056095 SUSE Bug 1056095 There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. CVE-2017-13743 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13743.html CVE-2017-13743 https://bugzilla.suse.com/1056090 SUSE Bug 1056090 There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. CVE-2017-13744 openSUSE Leap 42.2:liblouis-2.6.4-6.1 openSUSE Leap 42.2:liblouis-data-2.6.4-6.1 openSUSE Leap 42.2:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.2:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.2:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.2:liblouis9-2.6.4-6.1 openSUSE Leap 42.2:python-louis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-2.6.4-6.1 openSUSE Leap 42.3:liblouis-data-2.6.4-6.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-6.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-6.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-6.1 openSUSE Leap 42.3:liblouis9-2.6.4-6.1 openSUSE Leap 42.3:python-louis-2.6.4-6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00008.html https://www.suse.com/security/cve/CVE-2017-13744.html CVE-2017-13744 https://bugzilla.suse.com/1056088 SUSE Bug 1056088