Advisories ยป MGASA-2018-0025

Updated libplist packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5209 , CVE-2017-5545 , CVE-2017-5834 , CVE-2017-5835 , CVE-2017-5836 , CVE-2017-6435 , CVE-2017-6436 , CVE-2017-6437 , CVE-2017-6438 , CVE-2017-6439 , CVE-2017-6440 , CVE-2017-7982

Description

The base64decode function in libplist allowed attackers to obtain
sensitive information from process memory or cause a denial of
service (buffer over-read) via split encoded Apple Property List data
(CVE-2017-5209).

The main function in plistutil.c in libimobiledevice libplist allowed
attackers to obtain sensitive information from process memory or cause a
denial of service (buffer over-read) via Apple Property List data that is
too short (CVE-2017-5545).

A heap-buffer overflow in parse_dict_node could cause a segmentation fault
(CVE-2017-5834).

Malicious crafted file could cause libplist to allocate large amounts of
memory and consume lots of CPU because of a memory allocation error
(CVE-2017-5835).

A type inconsistency in bplist.c could cause the application to crash
(CVE-2017-5836).

Crafted plist file could lead to Heap-buffer overflow (CVE-2017-6435).

Integer overflow in parse_string_node (CVE-2017-6436).

The base64encode function in base64.c allows local users to cause denial
of service (out-of-bounds read) via a crafted plist file (CVE-2017-6437).

Heap-based buffer overflow in the parse_unicode_node function
(CVE-2017-6438).

Heap-based buffer overflow in the parse_string_node function
(CVE-2017-6439).

Ensure that sanity checks work on 32-bit platforms (CVE-2017-6440).

Add some safety checks, backported from upstream (CVE-2017-7982).

The gvfs, ifuse, kodi, libgpod, libimobiledevice, upower, and usbmuxd
packages have been rebuilt for the updated libplist.

References

SRPMS

5/core