Fedora 26: Liblouis Critical Buffer Overflow Fixes for Security Issues

fedora
November 15, 2017
Update issued addressing several buffer overflow vulnerabilities in liblouis for Fedora 26, aimed at improving both security and system reliability.
Security fix for CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744

Summary

Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule- or dictionary-based approach. Liblouis also supports math braille (Nemeth and Marburg).

Liblouis has features to support screen-reading programs. This has led to its use in two open-source screen readers, NVDA and Orca. It is also used in some commercial assistive technology applications, for example by ViewPlus.

Liblouis is based on the translation routines in the BRLTTY screen reader for Linux. It has, however, gone far beyond these routines.

Security fix for CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744

[ 1 ] Bug #1488942 - CVE-2017-13743 liblouis: Buffer overflow in the function _lou_showString()
https://bugzilla.redhat.com/show_bug.cgi?id=1488942

[ 2 ] Bug #1488939 - CVE-2017-13742 liblouis: Stack-buffer overflow in the function includeFile()
https://bugzilla.redhat.com/show_bug.cgi?id=1488939

[ 3 ] Bug #1488938 - CVE-2017-13741 liblouis: Use-after-free in the function compileBrailleIndicator()
https://bugzilla.redhat.com/show_bug.cgi?id=1488938

[ 4 ] Bug #1488937 - CVE-2017-13740 liblouis: Stack-buffer overflow in the parseChars() function
https://bugzilla.redhat.com/show_bug.cgi?id=1488937

[ 5 ] Bug #1488936 - CVE-2017-13739 liblouis: Heap-buffer overflow resulting in an out-of-bounds write in resolveSubtable() function
https://bugzilla.redhat.com/show_bug.cgi?id=1488936

[ 6 ] Bug #1488935 - CVE-2017-13744 liblouis: Illegal address access in the _lou_getALine() function
https://bugzilla.redhat.com/show_bug.cgi?id=1488935

[ 7 ] Bug #1488933 - CVE-2017-13738 liblouis: Illegal address access in the _lou_getALine function
https://bugzilla.redhat.com/show_bug.cgi?id=1488933

To install this update, run su -c 'dnf upgrade liblouis' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
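To confirm after the upgrade that a Fedora 26 host carries the fixed build (2.6.2-12.fc26, per this advisory), the following added example compares the installed version-release against it. This is not part of the Fedora advisory; the function names are hypothetical, and GNU `sort -V` is used as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Added example: check liblouis against the fixed build named in this advisory.
FIXED_VR="2.6.2-12.fc26"   # Version-Release from the advisory (Fedora 26 only)

# Succeeds when version-release $1 is at or above $2.
# Assumption: GNU `sort -V` approximates RPM ordering well enough for
# same-branch comparisons such as 2.6.2-11.fc26 vs 2.6.2-12.fc26.
vr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Classify an installed version-release string: fixed, vulnerable, not-installed.
liblouis_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif vr_at_least "$1" "$FIXED_VR"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Query the RPM database on the host being audited.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm-unavailable"; return 0; }
    # rpm -q exits non-zero (and prints a message) when the package is absent.
    host_vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' liblouis 2>/dev/null) || host_vr=""
    # With several installed copies (multilib), judge by the oldest build.
    host_vr=$(printf '%s\n' "$host_vr" | sort -V | head -n1)
    liblouis_status "$host_vr"
}

check_host
```

A result of "vulnerable" means the host still runs a build older than the one this update ships.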

Severity: Critical

Product: Fedora 26
Version: 2.6.2
Release: 12.fc26
Summary: Braille translation and back-translation library