Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 27 FEDORA-2018-9a09435935 Critical: liblouis Buffer Over-Read

fedora
Calendar Grey October 7, 2018
Dist Fedora Esm H88
Resolving integer overflow vulnerabilities in liblouis for Fedora significantly improves safety and reliability for its users.
Security fix for CVE-2018-17294

Summary

Liblouis is an open-source braille translator and back-translator named in

honor of Louis Braille. It features support for computer and literary braille,

supports contracted and uncontracted translation for many languages and has

support for hyphenation. New languages can easily be added through tables that

support a rule- or dictionary based approach. Liblouis also supports math

braille (Nemeth and Marburg).

Liblouis has features to support screen-reading programs. This has led to its

use in two open-source screen readers, NVDA and Orca. It is also used in some

commercial assistive technology applications for example by ViewPlus.

Liblouis is based on the translation routines in the BRLTTY screen reader for

Linux. It has, however, gone far beyond these routines.

Security fix for CVE-2018-17294

* Wed Sep 26 2018 Martin Gieseking - 2.6.2-13

- Added patch to fix CVE-2018-11683.

* Fri Nov 3 2017 Martin Gieseking - 2.6.2-12

- Applied security fixes from EL 7.4 (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)

- Dropped redundant parts of the spec file.

- Updated URL.

[ 1 ] Bug #1632834 - CVE-2018-17294 liblouis: Stack-based buffer over-read in matchCurrentInput function lou_translateString.c

https://bugzilla.redhat.com/show_bug.cgi?id=1632834

su -c 'dnf upgrade --advisory FEDORA-2018-9a09435935' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory critical Fedora security fix buffer over-read liblouis

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 2.6.2
Release: 13.fc27
URL: Summary : Braille translation and back-translation library

Topics%20covered

Topics Covered

security advisory critical Fedora security fix buffer over-read liblouis

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here