Fedora 27: 2017-11-15 Moderate: liblouis Buffer Overflow Threat

November 15, 2017
An essential update for liblouis on Fedora 27 fixes several vulnerabilities, including buffer overflows and illegal address accesses.

Summary

Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule- or dictionary-based approach. Liblouis also supports math braille (Nemeth and Marburg).

Liblouis has features to support screen-reading programs. This has led to its use in two open-source screen readers, NVDA and Orca. It is also used in some commercial assistive technology applications, for example by ViewPlus.

Liblouis is based on the translation routines in the BRLTTY screen reader for Linux. It has, however, gone far beyond these routines.

Security fix for CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744

[ 1 ] Bug #1488942 - CVE-2017-13743 liblouis: Buffer overflow in the function _lou_showString()
      https://bugzilla.redhat.com/show_bug.cgi?id=1488942

[ 2 ] Bug #1488939 - CVE-2017-13742 liblouis: Stack-buffer overflow in the function includeFile()
      https://bugzilla.redhat.com/show_bug.cgi?id=1488939

[ 3 ] Bug #1488938 - CVE-2017-13741 liblouis: Use-after-free in the function compileBrailleIndicator()
      https://bugzilla.redhat.com/show_bug.cgi?id=1488938

[ 4 ] Bug #1488937 - CVE-2017-13740 liblouis: Stack-buffer overflow in the parseChars() function
      https://bugzilla.redhat.com/show_bug.cgi?id=1488937

[ 5 ] Bug #1488936 - CVE-2017-13739 liblouis: Heap-buffer overflow resulting in an out-of-bounds write in resolveSubtable() function
      https://bugzilla.redhat.com/show_bug.cgi?id=1488936

[ 6 ] Bug #1488935 - CVE-2017-13744 liblouis: Illegal address access in the _lou_getALine() function
      https://bugzilla.redhat.com/show_bug.cgi?id=1488935

[ 7 ] Bug #1488933 - CVE-2017-13738 liblouis: Illegal address access in the _lou_getALine function
      https://bugzilla.redhat.com/show_bug.cgi?id=1488933

To install this update, use su -c 'dnf upgrade liblouis' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Severity: important

Product: Fedora 27
Version: 2.6.2
Release: 12.fc27
URL:
Summary: Braille translation and back-translation library
