UbuntuUpdates.org

Package "liblouis"

Name: liblouis

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Braille translation library - data
  • Braille translation library - static libs and headers
  • Braille translation library - shared libs
  • Python bindings for liblouis
Latest version: 3.24.0-1ubuntu0.1
Release: lunar (23.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "liblouis" in Lunar

Repository Area Version
base main 3.24.0-1
base universe 3.24.0-1
security universe 3.24.0-1ubuntu0.1
updates main 3.24.0-1ubuntu0.1
updates universe 3.24.0-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.24.0-1ubuntu0.1 2023-05-23 17:06:59 UTC

  liblouis (3.24.0-1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-26767.patch: check the length
      of path before copying indo dataPath in
      liblouis/compileTranslationTable.c, liblouis/liblouis.h.in.
    - CVE-2023-26767
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26768-1.patch: check filename before
      coping to initialLogFileName in liblouis/logging.c.
    - debian/patches/CVE-2023-26768-2.patch: replace the magic
      number with a define in liblouis/logging.c.
    - CVE-2023-26768
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26769-1.patch: check path length
      before coping into tableFile in liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-2.patch: fix format in
      liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-3.patch: add parentheses for
      define expression in liblouis/compileTranslationTable.c.
    - CVE-2023-26769

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 22 May 2023 10:19:18 -0300
CVE-2023-26767 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at loggin
CVE-2023-26768 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and
CVE-2023-26769 Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable func


About   -   Send Feedback to @ubuntu_updates