SUSE-SU-2019:13994-1

Опубликовано: 29 мар. 2019

Источник: suse-cvrf

Описание

Security update for liblouis

This update for liblouis and python-louis fixes the following issue:

Security issue fixed:

CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319).

Список пакетов

SUSE Linux Enterprise Server 11 SP4

liblouis-1.7.0-1.3.16.1

liblouis0-1.7.0-1.3.16.1

python-louis-1.7.0-1.3.16.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

liblouis-1.7.0-1.3.16.1

liblouis0-1.7.0-1.3.16.1

python-louis-1.7.0-1.3.16.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201913994-1/
Link for SUSE-SU-2019:13994-1
https://lists.suse.com/pipermail/sle-security-updates/2019-March/005267.html
E-Mail link for SUSE-SU-2019:13994-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1109319
SUSE Bug 1109319
https://www.suse.com/security/cve/CVE-2018-17294/
SUSE CVE CVE-2018-17294 page

Описание

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:liblouis-1.7.0-1.3.16.1

SUSE Linux Enterprise Server 11 SP4:liblouis0-1.7.0-1.3.16.1

SUSE Linux Enterprise Server 11 SP4:python-louis-1.7.0-1.3.16.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis-1.7.0-1.3.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-17294.html
CVE-2018-17294
https://bugzilla.suse.com/1109319
SUSE Bug 1109319

SUSE-SU-2019:13994-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

Ссылки

Уязвимость: CVE-2018-17294

Описание

Затронутые продукты

Ссылки