   openSUSE Security Update: Security update for liblouis
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2639-1
Rating:             moderate
References:         #1056088 #1056090 #1056093 #1056095 #1056097 #1056101
                    #1056105
Cross-References:   CVE-2017-13738 CVE-2017-13739 CVE-2017-13740
                    CVE-2017-13741 CVE-2017-13743 CVE-2017-13744
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has one errata
   is now available.

Description:

   This update for liblouis fixes several issues.

   These security issues were fixed:

   - CVE-2017-13738: Prevent illegal address access in the _lou_getALine
     function that allowed to cause remote DoS (bsc#1056105).
   - CVE-2017-13739: Prevent heap-based buffer overflow in the function
     resolveSubtable() that could have caused DoS or remote code execution
     (bsc#1056101).
   - CVE-2017-13740: Prevent stack-based buffer overflow in the function
     parseChars() that could have caused DoS or possibly unspecified other
     impact (bsc#1056097).
   - CVE-2017-13741: Prevent use-after-free in function
     compileBrailleIndicator() that allowed to cause remote DoS
     (bsc#1056095).
   - CVE-2017-13742: Prevent stack-based buffer overflow in function
     includeFile that allowed to cause remote DoS (bsc#1056093).
   - CVE-2017-13743: Prevent buffer overflow triggered in the function
     _lou_showString() that allowed to cause remote DoS (bsc#1056090).
   - CVE-2017-13744: Prevent illegal address access in the function
     _lou_getALine() that allowed to cause remote DoS (bsc#1056088).

   This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1120=1

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1120=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.3 (i586 x86_64):

      liblouis-data-2.6.4-6.1
      liblouis-debugsource-2.6.4-6.1
      liblouis-devel-2.6.4-6.1
      liblouis-doc-2.6.4-6.1
      liblouis-tools-2.6.4-6.1
      liblouis-tools-debuginfo-2.6.4-6.1
      liblouis9-2.6.4-6.1
      liblouis9-debuginfo-2.6.4-6.1
      python-louis-2.6.4-6.1

   - openSUSE Leap 42.2 (i586 x86_64):

      liblouis-data-2.6.4-3.3.1
      liblouis-debugsource-2.6.4-3.3.1
      liblouis-devel-2.6.4-3.3.1
      liblouis-doc-2.6.4-3.3.1
      liblouis-tools-2.6.4-3.3.1
      liblouis-tools-debuginfo-2.6.4-3.3.1
      liblouis9-2.6.4-3.3.1
      liblouis9-debuginfo-2.6.4-3.3.1
      python-louis-2.6.4-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-13738.html
   https://www.suse.com/security/cve/CVE-2017-13739.html
   https://www.suse.com/security/cve/CVE-2017-13740.html
   https://www.suse.com/security/cve/CVE-2017-13741.html
   https://www.suse.com/security/cve/CVE-2017-13743.html
   https://www.suse.com/security/cve/CVE-2017-13744.html
   https://bugzilla.suse.com/1056088
   https://bugzilla.suse.com/1056090
   https://bugzilla.suse.com/1056093
   https://bugzilla.suse.com/1056095
   https://bugzilla.suse.com/1056097
   https://bugzilla.suse.com/1056101
   https://bugzilla.suse.com/1056105
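
To confirm that the fixed builds named under "Package List" are actually installed after following the Patch Instructions, the following check can be run. It is an added example, not part of the original announcement: the function names are hypothetical, the sample input is constructed, and GNU `sort -V` is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed version-release per product, taken from the advisory's package list.
fixed_for() {
    case "$1" in
        42.3) echo "2.6.4-6.1" ;;
        42.2) echo "2.6.4-3.3.1" ;;
        *)    return 1 ;;
    esac
}

# ver_lt A B: true when A sorts strictly before B.
# Assumption: GNU sort -V is close enough to rpm's comparison for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_liblouis LEAP_VERSION
# Reads "name version-release" lines on stdin, prints every liblouis package
# older than the fixed build. Returns 0 if none, 1 if any, 2 on unknown product.
check_liblouis() {
    fixed=$(fixed_for "$1") || { echo "unknown product: $1" >&2; return 2; }
    outdated=0
    while read -r name vr; do
        case "$name" in
            liblouis*|python-louis) ;;   # packages covered by this update
            *) continue ;;
        esac
        if ver_lt "$vr" "$fixed"; then
            echo "OUTDATED $name $vr (fixed in $fixed)"
            outdated=1
        fi
    done
    return $outdated
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_liblouis 42.3
# Constructed sample input (not taken from a real system):
check_liblouis 42.3 <<'EOF' || true
liblouis9 2.6.4-1.1
liblouis-data 2.6.4-6.1
python-louis 2.6.4-6.1
EOF
```

A non-zero exit status from `check_liblouis` makes it usable as a compliance gate in configuration management or a post-patch verification job.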