UbuntuUpdates.org

Package "liblouis20"

Name: liblouis20

Description:

Braille translation library - shared libs
Latest version: 3.12.0-3ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: liblouis
Homepage: http://liblouis.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "liblouis20"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "liblouis20" in Focal

Repository Area Version
base main 3.12.0-3
security main 3.12.0-3ubuntu0.2

Changelog

Version: 3.12.0-3ubuntu0.2 2023-04-04 18:06:53 UTC

  liblouis (3.12.0-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-26767.patch: check the length
      of path before copying indo dataPath in
      liblouis/compileTranslationTable.c, liblouis/liblouis.h.in.
    - CVE-2023-26767
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26768-1.patch: check filename before
      coping to initialLogFileName in liblouis/logging.c.
    - debian/patches/CVE-2023-26768-2.patch: replace the magic
      number with a define in liblouis/logging.c.
    - CVE-2023-26768
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26769-1.patch: check path length
      before coping into tableFile in liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-2.patch: fix format in
      liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-3.patch: add parentheses for
      define expression in liblouis/compileTranslationTable.c.
    - CVE-2023-26769

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 24 Mar 2023 10:58:06 -0300
Source diff to previous version
CVE-2023-26767 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at loggin
CVE-2023-26768 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and
CVE-2023-26769 Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable func

Version: 3.12.0-3ubuntu0.1 2022-06-13 19:06:25 UTC

  liblouis (3.12.0-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2022-31783.patch: prevent an invalid
      memory writes in compileRule in liblouis/compileTranslationTable.c.
    - CVE-2022-31783

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 07 Jun 2022 12:47:30 -0300
CVE-2022-31783 Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.


About   -   Send Feedback to @ubuntu_updates