Fedora: 2018-70fac49405 Critical: Buffer Over-Read in Liblouis

Liblouis is an open-source braille translator and back-translator named in

honor of Louis Braille. It features support for computer and literary braille,

supports contracted and uncontracted translation for many languages and has

support for hyphenation. New languages can easily be added through tables that

support a rule- or dictionary based approach. Liblouis also supports math

braille (Nemeth and Marburg).

Liblouis has features to support screen-reading programs. This has led to its

use in two open-source screen readers, NVDA and Orca. It is also used in some

commercial assistive technology applications for example by ViewPlus.

Liblouis is based on the translation routines in the BRLTTY screen reader for

Linux. It has, however, gone far beyond these routines.

Security fix for CVE-2018-17294

* Wed Sep 26 2018 Martin Gieseking - 2.6.2-16

- Added patch to fix CVE-2018-12085 (BZ #1589943)

[ 1 ] Bug #1632834 - CVE-2018-17294 liblouis: Stack-based buffer over-read in matchCurrentInput function lou_translateString.c

https://bugzilla.redhat.com/show_bug.cgi?id=1632834

su -c 'dnf upgrade --advisory FEDORA-2018-70fac49405' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/