openSUSE Security Update : liblouis (openSUSE-2017-1120)

high Nessus Plugin ID 103660

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for liblouis fixes several issues.

These security issues were fixed :

- CVE-2017-13738: Prevent illegal address access in the
_lou_getALine function that allowed to cause remote DoS (bsc#1056105).

- CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101).

- CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097)

- CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095).

- CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093).

- CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090).

- CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected liblouis packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1056101

https://bugzilla.opensuse.org/show_bug.cgi?id=1056105

https://bugzilla.opensuse.org/show_bug.cgi?id=1056088

https://bugzilla.opensuse.org/show_bug.cgi?id=1056090

https://bugzilla.opensuse.org/show_bug.cgi?id=1056093

https://bugzilla.opensuse.org/show_bug.cgi?id=1056095

https://bugzilla.opensuse.org/show_bug.cgi?id=1056097

Plugin Details

Severity: High

ID: 103660

File Name: openSUSE-2017-1120.nasl

Version: 3.4

Type: local

Agent: unix

Published: 10/4/2017

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:liblouis-devel, p-cpe:/a:novell:opensuse:liblouis9, p-cpe:/a:novell:opensuse:liblouis9-debuginfo, p-cpe:/a:novell:opensuse:python-louis, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:liblouis-tools, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:liblouis-tools-debuginfo, p-cpe:/a:novell:opensuse:liblouis-data, p-cpe:/a:novell:opensuse:liblouis-debugsource

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/3/2017

Reference Information

CVE: CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13743, CVE-2017-13744