Описание
Security update for libplist
This update for libplist fixes the following issues:
- CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531).
- CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed (bsc#1023848)
- CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822)
- CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807)
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0528-1
- SUSE Security Ratings
Описание
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
Затронутые продукты
Ссылки
- CVE-2017-5209
- SUSE Bug 1019531
- SUSE Bug 1021610
Описание
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-5834
- SUSE Bug 1023848
Описание
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
Затронутые продукты
Ссылки
- CVE-2017-5835
- SUSE Bug 1023822
Описание
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
Затронутые продукты
Ссылки
- CVE-2017-5836
- SUSE Bug 1023807
- SUSE Bug 1023848