Bugzilla – Bug 1197085
VUL-0: CVE-2022-26981: liblouis: out-of-bounds write in compilePassOpcode
Last modified: 2022-07-04 13:17:37 UTC
rh#2063625 Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). https://github.com/liblouis/liblouis/issues/1171 References: https://bugzilla.redhat.com/show_bug.cgi?id=2063625 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26981 https://github.com/liblouis/liblouis/issues/1171 http://www.cvedetails.com/cve/CVE-2022-26981/
No patch has been provided upstream yet. The poc triggers the overflow on the following codestreams: - SUSE:SLE-15:Update - SUSE:SLE-15-SP2:Update - SUSE:SLE-15-SP4:Update - openSUSE:Factory
SUSE-SU-2022:2184-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1197085,1200120 CVE References: CVE-2022-26981,CVE-2022-31783 JIRA References: Sources used: openSUSE Leap 15.4 (src): liblouis-3.11.0-150200.3.3.1 openSUSE Leap 15.3 (src): liblouis-3.11.0-150200.3.3.1 SUSE Manager Server 4.1 (src): liblouis-3.11.0-150200.3.3.1 SUSE Manager Retail Branch Server 4.1 (src): liblouis-3.11.0-150200.3.3.1 SUSE Manager Proxy 4.1 (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): liblouis-3.11.0-150200.3.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): liblouis-3.11.0-150200.3.3.1 SUSE Enterprise Storage 7 (src): liblouis-3.11.0-150200.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2252-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1130813,1197085,1200120 CVE References: CVE-2022-26981,CVE-2022-31783 JIRA References: Sources used: openSUSE Leap 15.4 (src): liblouis-3.3.0-150000.4.8.1 openSUSE Leap 15.3 (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise Server for SAP 15 (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise Server 15-LTSS (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): liblouis-3.3.0-150000.4.8.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): liblouis-3.3.0-150000.4.8.1 SUSE Enterprise Storage 6 (src): liblouis-3.3.0-150000.4.8.1 SUSE CaaS Platform 4.0 (src): liblouis-3.3.0-150000.4.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.