Security update for liblouis SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:2590-1 Final 1 1 2017-09-28T11:13:26Z current 2017-09-28T11:13:26Z 2017-09-28T11:13:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for liblouis This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101) - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) () - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095) - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp4-liblouis-13291 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20172590-1/ Link for SUSE-SU-2017:2590-1 https://lists.suse.com/pipermail/sle-security-updates/2017-September/003262.html E-Mail link for SUSE-SU-2017:2590-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1056090 SUSE Bug 1056090 https://bugzilla.suse.com/1056093 SUSE Bug 1056093 https://bugzilla.suse.com/1056095 SUSE Bug 1056095 https://bugzilla.suse.com/1056097 SUSE Bug 1056097 https://bugzilla.suse.com/1056101 SUSE Bug 1056101 https://www.suse.com/security/cve/CVE-2017-13739/ SUSE CVE CVE-2017-13739 page https://www.suse.com/security/cve/CVE-2017-13740/ SUSE CVE CVE-2017-13740 page https://www.suse.com/security/cve/CVE-2017-13741/ SUSE CVE CVE-2017-13741 page https://www.suse.com/security/cve/CVE-2017-13743/ SUSE CVE CVE-2017-13743 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 liblouis-1.7.0-1.3.3.1 liblouis0-1.7.0-1.3.3.1 python-louis-1.7.0-1.3.3.1 liblouis-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 liblouis0-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 python-louis-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 liblouis-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 liblouis0-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 python-louis-1.7.0-1.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. CVE-2017-13739 SUSE Linux Enterprise Server 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:python-louis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-louis-1.7.0-1.3.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20172590-1/ https://www.suse.com/security/cve/CVE-2017-13739.html CVE-2017-13739 https://bugzilla.suse.com/1056101 SUSE Bug 1056101 There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. CVE-2017-13740 SUSE Linux Enterprise Server 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:python-louis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-louis-1.7.0-1.3.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20172590-1/ https://www.suse.com/security/cve/CVE-2017-13740.html CVE-2017-13740 https://bugzilla.suse.com/1056097 SUSE Bug 1056097 There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. CVE-2017-13741 SUSE Linux Enterprise Server 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:python-louis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-louis-1.7.0-1.3.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20172590-1/ https://www.suse.com/security/cve/CVE-2017-13741.html CVE-2017-13741 https://bugzilla.suse.com/1056095 SUSE Bug 1056095 There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. CVE-2017-13743 SUSE Linux Enterprise Server 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server 11 SP4:python-louis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:liblouis0-1.7.0-1.3.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:python-louis-1.7.0-1.3.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20172590-1/ https://www.suse.com/security/cve/CVE-2017-13743.html CVE-2017-13743 https://bugzilla.suse.com/1056090 SUSE Bug 1056090