Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:3107-1

Опубликовано: 30 окт. 2020
Источник: suse-cvrf

Описание

Security update for liblouis

This update for liblouis, python-luis and python3-louis fixes the following issue:

Security issue fixed:

  • CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service (bsc#1109319).

Список пакетов

SUSE Linux Enterprise Server 12 SP5
liblouis-data-2.6.4-6.9.24
liblouis9-2.6.4-6.9.24
python-louis-2.6.4-6.9.39
python3-louis-2.6.4-6.9.41
SUSE Linux Enterprise Server for SAP Applications 12 SP5
liblouis-data-2.6.4-6.9.24
liblouis9-2.6.4-6.9.24
python-louis-2.6.4-6.9.39
python3-louis-2.6.4-6.9.41
SUSE Linux Enterprise Software Development Kit 12 SP5
liblouis-devel-2.6.4-6.9.24

Ссылки

Описание

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:liblouis-data-2.6.4-6.9.24
SUSE Linux Enterprise Server 12 SP5:liblouis9-2.6.4-6.9.24
SUSE Linux Enterprise Server 12 SP5:python-louis-2.6.4-6.9.39
SUSE Linux Enterprise Server 12 SP5:python3-louis-2.6.4-6.9.41
Ссылки