Security update for liblouis SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2819-1 Final 1 1 2018-09-24T06:08:39Z current 2018-09-24T06:08:39Z 2018-09-24T06:08:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for liblouis This update for liblouis fixes the following issues: Security issues fixed: - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189) - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945) - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827) - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html E-Mail link for openSUSE-SU-2018:2819-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 liblouis-2.6.4-9.1 liblouis-data-2.6.4-9.1 liblouis-devel-2.6.4-9.1 liblouis-doc-2.6.4-9.1 liblouis-tools-2.6.4-9.1 liblouis9-2.6.4-9.1 python-louis-2.6.4-9.1 liblouis-2.6.4-9.1 as a component of openSUSE Leap 42.3 liblouis-data-2.6.4-9.1 as a component of openSUSE Leap 42.3 liblouis-devel-2.6.4-9.1 as a component of openSUSE Leap 42.3 liblouis-doc-2.6.4-9.1 as a component of openSUSE Leap 42.3 liblouis-tools-2.6.4-9.1 as a component of openSUSE Leap 42.3 liblouis9-2.6.4-9.1 as a component of openSUSE Leap 42.3 python-louis-2.6.4-9.1 as a component of openSUSE Leap 42.3 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. CVE-2018-11440 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-11440.html CVE-2018-11440 https://bugzilla.suse.com/1095189 SUSE Bug 1095189 https://bugzilla.suse.com/1095827 SUSE Bug 1095827 https://bugzilla.suse.com/1096665 SUSE Bug 1096665 https://bugzilla.suse.com/1097103 SUSE Bug 1097103 Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. CVE-2018-11577 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-11577.html CVE-2018-11577 https://bugzilla.suse.com/1095945 SUSE Bug 1095945 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. CVE-2018-11683 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-11683.html CVE-2018-11683 https://bugzilla.suse.com/1095827 SUSE Bug 1095827 https://bugzilla.suse.com/1096665 SUSE Bug 1096665 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-11684.html CVE-2018-11684 https://bugzilla.suse.com/1095826 SUSE Bug 1095826 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. CVE-2018-11685 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-11685.html CVE-2018-11685 https://bugzilla.suse.com/1095825 SUSE Bug 1095825 Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. CVE-2018-12085 openSUSE Leap 42.3:liblouis-2.6.4-9.1 openSUSE Leap 42.3:liblouis-data-2.6.4-9.1 openSUSE Leap 42.3:liblouis-devel-2.6.4-9.1 openSUSE Leap 42.3:liblouis-doc-2.6.4-9.1 openSUSE Leap 42.3:liblouis-tools-2.6.4-9.1 openSUSE Leap 42.3:liblouis9-2.6.4-9.1 openSUSE Leap 42.3:python-louis-2.6.4-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00067.html https://www.suse.com/security/cve/CVE-2018-12085.html CVE-2018-12085 https://bugzilla.suse.com/1097103 SUSE Bug 1097103