Описание
Security update for libplist
This update for libplist addresses the following vulnerabilities:
- CVE-2017-5545: OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610)
- CVE-2017-5209: base64decode function could have allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data
Список пакетов
openSUSE Leap 42.1
libplist-1.12-5.1
libplist++-devel-1.12-5.1
libplist++3-1.12-5.1
libplist++3-32bit-1.12-5.1
libplist-devel-1.12-5.1
libplist3-1.12-5.1
libplist3-32bit-1.12-5.1
plistutil-1.12-5.1
python-plist-1.12-5.1
openSUSE Leap 42.2
libplist-1.12-5.1
libplist++-devel-1.12-5.1
libplist++3-1.12-5.1
libplist++3-32bit-1.12-5.1
libplist-devel-1.12-5.1
libplist3-1.12-5.1
libplist3-32bit-1.12-5.1
plistutil-1.12-5.1
python-plist-1.12-5.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0428-1
- SUSE Security Ratings
Описание
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
Затронутые продукты
openSUSE Leap 42.1:libplist++-devel-1.12-5.1
openSUSE Leap 42.1:libplist++3-1.12-5.1
openSUSE Leap 42.1:libplist++3-32bit-1.12-5.1
openSUSE Leap 42.1:libplist-1.12-5.1
Ссылки
- CVE-2017-5209
- SUSE Bug 1019531
- SUSE Bug 1021610
Описание
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
Затронутые продукты
openSUSE Leap 42.1:libplist++-devel-1.12-5.1
openSUSE Leap 42.1:libplist++3-1.12-5.1
openSUSE Leap 42.1:libplist++3-32bit-1.12-5.1
openSUSE Leap 42.1:libplist-1.12-5.1
Ссылки
- CVE-2017-5545
- SUSE Bug 1021610