Updated libplist packages fix security vulnerability
Publication date: 03 Jan 2018Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5209 , CVE-2017-5545 , CVE-2017-5834 , CVE-2017-5835 , CVE-2017-5836 , CVE-2017-6435 , CVE-2017-6436 , CVE-2017-6437 , CVE-2017-6438 , CVE-2017-6439 , CVE-2017-6440 , CVE-2017-7982
Description
The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (CVE-2017-5209). The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short (CVE-2017-5545). A heap-buffer overflow in parse_dict_node could cause a segmentation fault (CVE-2017-5834). Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU because of a memory allocation error (CVE-2017-5835). A type inconsistency in bplist.c could cause the application to crash (CVE-2017-5836). Crafted plist file could lead to Heap-buffer overflow (CVE-2017-6435). Integer overflow in parse_string_node (CVE-2017-6436). The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file (CVE-2017-6437). Heap-based buffer overflow in the parse_unicode_node function (CVE-2017-6438). Heap-based buffer overflow in the parse_string_node function (CVE-2017-6439). Ensure that sanity checks work on 32-bit platforms (CVE-2017-6440). Add some safety checks, backported from upstream (CVE-2017-7982). The gvfs, ifuse, kodi, libgpod, libimobiledevice, upower, and usbmuxd packages have been rebuilt for the updated libplist.
References
- https://bugs.mageia.org/show_bug.cgi?id=20232
- https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html
- https://lists.opensuse.org/opensuse-updates/2017-08/msg00082.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5836
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6438
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6440
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7982
SRPMS
5/core
- libplist-1.12-1.mga5
- gvfs-1.22.3-2.2.mga5
- ifuse-1.1.3-4.1.mga5
- kodi-14.0-2.3.mga5
- libgpod-0.8.3-8.2.mga5
- libimobiledevice-1.1.6-4.2.mga5
- upower-0.99.2-1.2.mga5
- usbmuxd-1.0.9-6.2.mga5