openSUSE Security Update : liblouis (openSUSE-2017-1120)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for liblouis fixes several issues.

These security issues were fixed :

- CVE-2017-13738: Prevent illegal address access in the
_lou_getALine function that allowed a remote DoS
(bsc#1056105).

- CVE-2017-13739: Prevent heap-based buffer overflow in
the function resolveSubtable() that could have caused
DoS or remote code execution (bsc#1056101).

- CVE-2017-13740: Prevent stack-based buffer overflow in
the function parseChars() that could have caused DoS or
possibly unspecified other impact (bsc#1056097).

- CVE-2017-13741: Prevent use-after-free in function
compileBrailleIndicator() that allowed a remote
DoS (bsc#1056095).

- CVE-2017-13742: Prevent stack-based buffer overflow in
function includeFile that allowed a remote DoS
(bsc#1056093).

- CVE-2017-13743: Prevent buffer overflow triggered in the
function _lou_showString() that allowed a remote
DoS (bsc#1056090).

- CVE-2017-13744: Prevent illegal address access in the
function _lou_getALine() that allowed a remote
DoS (bsc#1056088).

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1056088
https://bugzilla.opensuse.org/show_bug.cgi?id=1056090
https://bugzilla.opensuse.org/show_bug.cgi?id=1056093
https://bugzilla.opensuse.org/show_bug.cgi?id=1056095
https://bugzilla.opensuse.org/show_bug.cgi?id=1056097
https://bugzilla.opensuse.org/show_bug.cgi?id=1056101
https://bugzilla.opensuse.org/show_bug.cgi?id=1056105

Solution :

Update the affected liblouis packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 103660

CVE ID: CVE-2017-13738
CVE-2017-13739
CVE-2017-13740
CVE-2017-13741
CVE-2017-13743
CVE-2017-13744
