[SECURITY] Fedora 26 Update: liblouis-2.6.2-12.fc26

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-2c9852dd05 2017-11-15 19:03:16.425722 -------------------------------------------------------------------------------- Name : liblouis Product : Fedora 26 Version : 2.6.2 Release : 12.fc26 URL : http://liblouis.org Summary : Braille translation and back-translation library Description : Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to its use in two open-source screen readers, NVDA and Orca. It is also used in some commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader for Linux. It has, however, gone far beyond these routines. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13742 CVE-2017-13743 CVE-2017-13744 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488942 - CVE-2017-13743 liblouis: Buffer overflow in the function _lou_showString() https://bugzilla.redhat.com/show_bug.cgi?id=1488942 [ 2 ] Bug #1488939 - CVE-2017-13742 liblouis: Stack-buffer overflow in the function includeFile() https://bugzilla.redhat.com/show_bug.cgi?id=1488939 [ 3 ] Bug #1488938 - CVE-2017-13741 liblouis: Use-after-free in the function compileBrailleIndicator() https://bugzilla.redhat.com/show_bug.cgi?id=1488938 [ 4 ] Bug #1488937 - CVE-2017-13740 liblouis: Stack-buffer overflow in the parseChars() function https://bugzilla.redhat.com/show_bug.cgi?id=1488937 [ 5 ] Bug #1488936 - CVE-2017-13739 liblouis: Heap-buffer overflow resulting in an out-of-bounds write in resolveSubtable() function https://bugzilla.redhat.com/show_bug.cgi?id=1488936 [ 6 ] Bug #1488935 - CVE-2017-13744 liblouis: Illegal address access in the _lou_getALine() function https://bugzilla.redhat.com/show_bug.cgi?id=1488935 [ 7 ] Bug #1488933 - CVE-2017-13738 liblouis: Illegal address access in the _lou_getALine function https://bugzilla.redhat.com/show_bug.cgi?id=1488933 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade liblouis' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------