Ubuntu Security Notice USN-5476-1

Ubuntu Security Notice 5476-1 - Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-5476-1
June 13, 2022

liblouis vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in liblouis.

Software Description:

  • liblouis: Braille translation library - utilities

Details:

Han Zheng discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash. This issue was
addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981)

It was discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash. (CVE-2022-31783)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
liblouis-bin 3.20.0-2ubuntu0.1
liblouis20 3.20.0-2ubuntu0.1

Ubuntu 21.10:
liblouis-bin 3.18.0-1ubuntu0.2
liblouis20 3.18.0-1ubuntu0.2

Ubuntu 20.04 LTS:
liblouis-bin 3.12.0-3ubuntu0.1
liblouis20 3.12.0-3ubuntu0.1

Ubuntu 18.04 LTS:
liblouis-bin 3.5.0-1ubuntu0.4
liblouis14 3.5.0-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5476-1
CVE-2022-26981, CVE-2022-31783

Package Information:
https://launchpad.net/ubuntu/+source/liblouis/3.20.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/liblouis/3.18.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/liblouis/3.12.0-3ubuntu0.1
https://launchpad.net/ubuntu/+source/liblouis/3.5.0-1ubuntu0.4

Related news

CVE-2022-32824: About the security content of tvOS 15.6

The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

CVE-2022-32855: About the security content of iOS 15.6 and iPadOS 15.6

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

Gentoo Linux Security Advisory 202301-06

Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.

CVE-2022-32793: About the security content of macOS Monterey 12.5

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

Apple Security Advisory 2022-07-20-6

Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-5

Apple Security Advisory 2022-07-20-5 - tvOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-1

Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

CVE-2022-31783: Prevent an invalid memory writes in compileRule · liblouis/liblouis@ff747ec

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

CVE-2022-26981: [BUG] global-buffer-overflow in lou_checktable · Issue #1171 · liblouis/liblouis

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
