UbuntuUpdates.org

Package "liblouis"

Name: liblouis

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Braille translation library - data
  • Braille translation library - static libs and headers
  • Braille translation library - shared libs
  • Python bindings for liblouis

Latest version: 3.20.0-2ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: main

Other versions of "liblouis" in Jammy

Repository  Area      Version
base        main      3.20.0-2
base        universe  3.20.0-2
security    main      3.20.0-2ubuntu0.2
security    universe  3.20.0-2ubuntu0.2
updates     universe  3.20.0-2ubuntu0.2

Changelog

Version: 3.20.0-2ubuntu0.2 2023-04-04 18:06:55 UTC

  liblouis (3.20.0-2ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-26767.patch: check the length
      of path before copying into dataPath in
      liblouis/compileTranslationTable.c, liblouis/liblouis.h.in.
    - CVE-2023-26767
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26768-1.patch: check filename before
      copying to initialLogFileName in liblouis/logging.c.
    - debian/patches/CVE-2023-26768-2.patch: replace the magic
      number with a define in liblouis/logging.c.
    - CVE-2023-26768
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26769-1.patch: check path length
      before copying into tableFile in liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-2.patch: fix format in
      liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-3.patch: add parentheses for
      define expression in liblouis/compileTranslationTable.c.
    - CVE-2023-26769

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 17 Mar 2023 15:16:23 -0300

CVE-2023-26767 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at loggin
CVE-2023-26768 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and
CVE-2023-26769 Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable func

Version: 3.20.0-2ubuntu0.1 2022-06-13 19:06:34 UTC

  liblouis (3.20.0-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-26981.patch: prevent writing
      past CharString memory in compilePassOpcode in
      liblouis/compileTranslationTable.c.
    - CVE-2022-26981
  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2022-31783.patch: prevent invalid
      memory writes in compileRule in liblouis/compileTranslationTable.c.
    - CVE-2022-31783

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 01 Jun 2022 13:30:50 -0300

CVE-2022-26981 Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
CVE-2022-31783 Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.


