Описание
Security update for liblouis
This update for liblouis fixes the following issues:
Security issues fixed:
- CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319).
- CVE-2018-11410: Fixed an invalid free in the compileRule function in compileTranslationTable.c (bsc#1094685)
- CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189)
- CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945)
- CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827)
- CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826)
- CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825)
- CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2019:0795-1
- E-Mail link for SUSE-SU-2019:0795-1
- SUSE Security Ratings
- SUSE Bug 1094685
- SUSE Bug 1095189
- SUSE Bug 1095825
- SUSE Bug 1095826
- SUSE Bug 1095827
- SUSE Bug 1095945
- SUSE Bug 1097103
- SUSE Bug 1109319
- SUSE CVE CVE-2018-11410 page
- SUSE CVE CVE-2018-11440 page
- SUSE CVE CVE-2018-11577 page
- SUSE CVE CVE-2018-11683 page
- SUSE CVE CVE-2018-11684 page
- SUSE CVE CVE-2018-11685 page
- SUSE CVE CVE-2018-12085 page
- SUSE CVE CVE-2018-17294 page
Описание
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-11410
- SUSE Bug 1094685
Описание
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
Затронутые продукты
Ссылки
- CVE-2018-11440
- SUSE Bug 1095189
- SUSE Bug 1095827
- SUSE Bug 1096665
- SUSE Bug 1097103
Описание
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
Затронутые продукты
Ссылки
- CVE-2018-11577
- SUSE Bug 1095945
Описание
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
Затронутые продукты
Ссылки
- CVE-2018-11683
- SUSE Bug 1095827
- SUSE Bug 1096665
Описание
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
Затронутые продукты
Ссылки
- CVE-2018-11684
- SUSE Bug 1095826
Описание
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
Затронутые продукты
Ссылки
- CVE-2018-11685
- SUSE Bug 1095825
Описание
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
Затронутые продукты
Ссылки
- CVE-2018-12085
- SUSE Bug 1097103
Описание
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
Затронутые продукты
Ссылки
- CVE-2018-17294
- SUSE Bug 1109319