Описание
Security update for liblouis
This update for liblouis fixes several issues.
These security issues were fixed:
- CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105).
- CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101).
- CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097)
- CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095).
- CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093).
- CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090).
- CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:2570-1
- E-Mail link for SUSE-SU-2017:2570-1
- SUSE Security Ratings
- SUSE Bug 1056088
- SUSE Bug 1056090
- SUSE Bug 1056093
- SUSE Bug 1056095
- SUSE Bug 1056097
- SUSE Bug 1056101
- SUSE Bug 1056105
- SUSE CVE CVE-2017-13738 page
- SUSE CVE CVE-2017-13739 page
- SUSE CVE CVE-2017-13740 page
- SUSE CVE CVE-2017-13741 page
- SUSE CVE CVE-2017-13743 page
- SUSE CVE CVE-2017-13744 page
Описание
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
Затронутые продукты
Ссылки
- CVE-2017-13738
- SUSE Bug 1056105
Описание
There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.
Затронутые продукты
Ссылки
- CVE-2017-13739
- SUSE Bug 1056101
Описание
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2017-13740
- SUSE Bug 1056097
Описание
There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.
Затронутые продукты
Ссылки
- CVE-2017-13741
- SUSE Bug 1056095
Описание
There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.
Затронутые продукты
Ссылки
- CVE-2017-13743
- SUSE Bug 1056090
Описание
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
Затронутые продукты
Ссылки
- CVE-2017-13744
- SUSE Bug 1056088