Solution
Please install the updated packages.
Insight
brltty (Braille TTY) is a background process (daemon) which provides access to the Linux console (when in text mode) for a blind person using a refreshable braille display. It drives the braille display, and provides complete screen review functionality.
It was discovered that a brltty library had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run an application using brltty from an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-3279)
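The weakness above is a dynamic section whose DT_RPATH or DT_RUNPATH contains a relative directory, so the loader searches a location the invoking user's working directory (or an attacker) controls. The following audit helper is an added example, not part of the advisory or of brltty: it parses the RPATH/RUNPATH lines as printed by GNU binutils `readelf -d`, splits each colon-separated search path, and flags empty or relative components as insecure (an empty component means the current working directory) and `$ORIGIN` entries for review. The `readelf` output embedded as `SAMPLE` is constructed for the example and does not come from any real brltty build; `audit_file` is an assumed convenience wrapper that shells out to `readelf`.

```python
"""Flag insecure DT_RPATH / DT_RUNPATH entries in `readelf -d` output.

Added example (not from the advisory or the brltty project): a defender-side
audit helper for the class of weakness described in CVE-2008-3279, an ELF
runtime library search path that contains relative directories.
"""
import re
import subprocess
from typing import List, Tuple

# Matches the dynamic-section lines GNU readelf prints for RPATH / RUNPATH, e.g.
#  0x000000000000000f (RPATH)              Library rpath: [lib:/usr/lib]
_RPATH_LINE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def extract_search_paths(readelf_output: str) -> List[Tuple[str, str]]:
    """Return (tag, raw_value) pairs for every RPATH/RUNPATH entry found."""
    matches = (_RPATH_LINE.search(line) for line in readelf_output.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def classify_component(component: str) -> str:
    """Classify one colon-separated search-path component.

    'insecure' : empty (the loader treats it as the current working directory)
                 or relative, so a directory the user happens to be in, or that
                 an attacker controls, satisfies the library lookup
    'review'   : uses $ORIGIN, acceptable for ordinary binaries but worth a
                 manual check on setuid/setgid programs
    'ok'       : an absolute path
    """
    if component == "":
        return "insecure"
    if component.startswith("$ORIGIN") or component.startswith("${ORIGIN}"):
        return "review"
    if not component.startswith("/"):
        return "insecure"
    return "ok"


def audit(readelf_output: str) -> List[Tuple[str, str, str]]:
    """Return (tag, component, verdict) for every component that is not 'ok'."""
    findings = []
    for tag, value in extract_search_paths(readelf_output):
        for component in value.split(":"):
            verdict = classify_component(component)
            if verdict != "ok":
                findings.append((tag, component, verdict))
    return findings


def audit_file(path: str) -> List[Tuple[str, str, str]]:
    """Assumed wrapper: run binutils readelf on a real ELF file and audit it."""
    result = subprocess.run(["readelf", "-d", path],
                            capture_output=True, text=True, check=True)
    return audit(result.stdout)


# Constructed sample of `readelf -d` output; not taken from any real binary.
SAMPLE = """
Dynamic section at offset 0x1f60 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [lib:/usr/lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:.]
 0x000000000000000c (INIT)               0x1000
"""

if __name__ == "__main__":
    # Prints one line per flagged component, e.g. "insecure RPATH   'lib'"
    for tag, component, verdict in audit(SAMPLE):
        print(f"{verdict:8s} {tag:7s} {component!r}")
```

Run against an installed package with `audit_file("/usr/lib/libbrlapi.so.0")` (path assumed) or, in bulk, by piping `readelf -d` output for every ELF object in the package into `audit`. A package is clean when `audit` returns no `insecure` findings; `review` findings only need attention on privileged executables.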
These updated packages also provide fixes for the following bugs:
* the brltty configuration file is documented in the brltty manual page, but there is no separate manual page for the /etc/brltty.conf configuration file: running "man brltty.conf" returned "No manual entry for brltty.conf" rather than opening the brltty manual entry. This update adds brltty.conf.5 as an alias to the brltty manual page. Consequently, running "man brltty.conf" now opens the manual entry documenting the brltty.conf specification. (BZ#530554)
* previously, the brltty-pm.conf configuration file was installed in the /etc/brltty/ directory. This file, which configures Papenmeier Braille Terminals for use with Red Hat Enterprise Linux, is optional, and it did not come with a corresponding manual page. With this update, the file has been moved to /usr/share/doc/brltty-3.7.2/BrailleDrivers/Papenmeier/. This directory also includes a README document that explains the file's purpose and format. (BZ#530554)
* during installation of the brltty packages, the message "Creating screen inspection device /dev/vcsa...done." was presented at the console. This was inappropriate, especially during the initial install of the system. These updated packages do not send any message to the console during installation. (BZ#529163)
* although brltty contains ELF objects, the brltty-debuginfo package was empty. With this update, the -debuginfo package contains valid debugging information as expected. (BZ#500545)
* the MAX_NR_CONSOLES definition was acquired by brltty by #including linux/tty.h in Programs/api_client.c. MAX_NR_CONSOLES has since moved to linux/vt.h but the #include in api_client.c was not updated. Consequently, brltty could not be built from the source RPM against the Red Hat Enterprise Linux 5 kernel. This update corrects the #include in api_client.c to linux/vt.h and brltty now builds from source as expected. (BZ#456247)
All brltty users are advised to upgrade to these updated packages, which resolve these issues.
Affected
brltty on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification: -
CVE: CVE-2008-3279
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities