Overview

File _patchinfo of Package patchinfo.8510

<patchinfo incident="8510">
  <issue tracker="bnc" id="1109319">VUL-1: CVE-2018-17294: liblouis: The matchCurrentInput function inside lou_translateString.c does not check the input string's length leading to DOS</issue>
  <issue tracker="bnc" id="1094685">VUL-1: CVE-2018-11410: liblouis: There is a invalid free in compileFile in compileTranslationTable.c.</issue>
  <issue tracker="bnc" id="1097103">VUL-1: CVE-2018-12085: liblouis: stack-based buffer overflow compileTranslationTable.c</issue>
  <issue tracker="bnc" id="1095945">VUL-1: CVE-2018-11577: liblouis: Segmentation fault in logging.c:lou_logPrint()</issue>
  <issue tracker="bnc" id="1095826">VUL-1: CVE-2018-11684: liblouis: stack-based Buffer Overflow in the function includeFile</issue>
  <issue tracker="bnc" id="1095827">VUL-1: CVE-2018-11683: liblouis: stack-based Buffer Overflow in the function parseChars</issue>
  <issue tracker="bnc" id="1095825">VUL-1: CVE-2018-11685: liblouis: stack-based Buffer Overflow in function compileHyphenation</issue>
  <issue tracker="bnc" id="1095189">VUL-1: CVE-2018-11440: liblouis: Stack-based Buffer Overflow in parseChars function in compileTranslationTable.c</issue>
  <issue tracker="cve" id="2018-17294"/>
  <issue tracker="cve" id="2018-11684"/>
  <issue tracker="cve" id="2018-11685"/>
  <issue tracker="cve" id="2018-11683"/>
  <issue tracker="cve" id="2018-11410"/>
  <issue tracker="cve" id="2018-11440"/>
  <issue tracker="cve" id="2018-11577"/>
  <issue tracker="cve" id="2018-12085"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for liblouis fixes the following issues:

Security issues fixed:

- CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function 
  which could allow a remote attacker to cause Denail of Service (bsc#1109319).
- CVE-2018-11410: Fixed an invalid free in the compileRule function in
  compileTranslationTable.c (bsc#1094685)
- CVE-2018-11440: Fixed a stack-based buffer overflow in the function
  parseChars() in compileTranslationTable.c (bsc#1095189)
- CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c
  (bsc#1095945)
- CVE-2018-11683: Fixed a stack-based buffer overflow in the function
  parseChars() in compileTranslationTable.c (different vulnerability than
  CVE-2018-11440) (bsc#1095827)
- CVE-2018-11684: Fixed stack-based buffer overflow in the function
  includeFile() in compileTranslationTable.c (bsc#1095826)
- CVE-2018-11685: Fixed a stack-based buffer overflow in the function
  compileHyphenation() in compileTranslationTable.c (bsc#1095825)
- CVE-2018-12085: Fixed a stack-based buffer overflow in the function
  parseChars() in compileTranslationTable.c (different vulnerability than
  CVE-2018-11440) (bsc#1097103)
</description>
  <summary>Security update for liblouis</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places