liblouis-2.5.2-11.el7

Errata ID: AXSA:2017-2395:01

Release date: Monday, November 6, 2017 - 14:09
Subject: liblouis-2.5.2-11.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).

Security Fix(es):

* Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)

The CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Asianux).

CVE-2014-8184
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-13738
There is an illegal address access in the _lou_getALine function in
compileTranslationTable.c:346 in Liblouis 3.2.0.
CVE-2017-13740
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in
the function parseChars() in compileTranslationTable.c, that will lead
to denial of service or possibly unspecified other impact.
CVE-2017-13741
There is a use-after-free in the function compileBrailleIndicator() in
compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote
denial of service attack.
CVE-2017-13742
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in
the function includeFile() in compileTranslationTable.c, that will lead
to a remote denial of service attack.
CVE-2017-13743
There is a buffer overflow in Liblouis 3.2.0, triggered in the function
_lou_showString() in utils.c, that will lead to a remote denial of
service attack.
CVE-2017-13744
There is an illegal address access in the function _lou_getALine() in
compileTranslationTable.c:343 in Liblouis 3.2.0.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. liblouis-2.5.2-11.el7.src.rpm
    MD5: d73349d12891c9a9ccad9c680ff152ca
    SHA-256: c1c142dcd4153ac4799f11c736d322c5936ade71549c6e35c82ff8c3bfc63c1f
    Size: 2.25 MB

Asianux Server 7 for x86_64
  1. liblouis-2.5.2-11.el7.x86_64.rpm
    MD5: 1b0d32f16d9277b6395f35a3691047dd
    SHA-256: 83fc92636fea9968387ce1b88c73bdc16c2fc7d4ed5bd86601fd156ff163f38c
    Size: 1.21 MB
  2. liblouis-python-2.5.2-11.el7.noarch.rpm
    MD5: bad7dd302a8c218e3f376764785da7eb
    SHA-256: 15b8dd4762f79b4c9892701f72ed1d4b1b7d91d11bf861a3e8adc9101d69f567
    Size: 11.35 kB
  3. liblouis-2.5.2-11.el7.i686.rpm
    MD5: 21940f53dbf663f8c44aa94da100011c
    SHA-256: 577c183cf7307f514b4d6e65b2b3db2e369f99cdf4d719709c7aa2f81730e119
    Size: 1.20 MB