Sicherheit: Preisgabe von Informationen in liblouis
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in liblouis
ID: FEDORA-2018-9a09435935
Distribution: Fedora
Plattformen: Fedora 27
Datum: Mo, 8. Oktober 2018, 07:55
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17294
Applikationen: liblouis


Fedora Update Notification
2018-10-07 21:10:49.841450

Name : liblouis
Product : Fedora 27
Version : 2.6.2
Release : 13.fc27
URL : http://liblouis.org
Summary : Braille translation and back-translation library
Description :
Liblouis is an open-source braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
supports contracted and uncontracted translation for many languages and has
support for hyphenation. New languages can easily be added through tables that
support a rule- or dictionary based approach. Liblouis also supports math
braille (Nemeth and Marburg).

Liblouis has features to support screen-reading programs. This has led to its
use in two open-source screen readers, NVDA and Orca. It is also used in some
commercial assistive technology applications for example by ViewPlus.

Liblouis is based on the translation routines in the BRLTTY screen reader for
Linux. It has, however, gone far beyond these routines.

Update Information:

Security fix for CVE-2018-17294

* Wed Sep 26 2018 Martin Gieseking <martin.gieseking@uos.de> - 2.6.2-13
- Added patch to fix CVE-2018-11683.
* Fri Nov 3 2017 Martin Gieseking <martin.gieseking@uos.de> - 2.6.2-12
- Applied security fixes from EL 7.4 (CVE-2014-8184, CVE-2017-13738,
CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)
- Dropped redundant parts of the spec file.
- Updated URL.

[ 1 ] Bug #1632834 - CVE-2018-17294 liblouis: Stack-based buffer over-read in
matchCurrentInput function lou_translateString.c

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9a09435935' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Twitter
Neue Nachrichten