Security update for libplist SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1426-1 Final 1 1 2017-05-27T19:51:54Z current 2017-05-27T19:51:54Z 2017-05-27T19:51:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libplist This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciou crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html E-Mail link for openSUSE-SU-2017:1426-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 libplist-1.12-7.3.1 libplist++-devel-1.12-7.3.1 libplist++3-1.12-7.3.1 libplist++3-32bit-1.12-7.3.1 libplist-devel-1.12-7.3.1 libplist3-1.12-7.3.1 libplist3-32bit-1.12-7.3.1 plistutil-1.12-7.3.1 python-plist-1.12-7.3.1 libplist-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist++-devel-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist++3-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist++3-32bit-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist-devel-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist3-1.12-7.3.1 as a component of openSUSE Leap 42.2 libplist3-32bit-1.12-7.3.1 as a component of openSUSE Leap 42.2 plistutil-1.12-7.3.1 as a component of openSUSE Leap 42.2 python-plist-1.12-7.3.1 as a component of openSUSE Leap 42.2 The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. CVE-2017-5209 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 moderate 4.3 AV:A/AC:M/Au:N/C:P/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-5209.html CVE-2017-5209 https://bugzilla.suse.com/1019531 SUSE Bug 1019531 https://bugzilla.suse.com/1021610 SUSE Bug 1021610 The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. CVE-2017-5545 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-5545.html CVE-2017-5545 https://bugzilla.suse.com/1021610 SUSE Bug 1021610 The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. CVE-2017-5834 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-5834.html CVE-2017-5834 https://bugzilla.suse.com/1023848 SUSE Bug 1023848 libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. CVE-2017-5835 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-5835.html CVE-2017-5835 https://bugzilla.suse.com/1023822 SUSE Bug 1023822 The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. CVE-2017-5836 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-5836.html CVE-2017-5836 https://bugzilla.suse.com/1023807 SUSE Bug 1023807 https://bugzilla.suse.com/1023848 SUSE Bug 1023848 The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. CVE-2017-6440 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-6440.html CVE-2017-6440 https://bugzilla.suse.com/1029631 SUSE Bug 1029631 https://bugzilla.suse.com/1029706 SUSE Bug 1029706 Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. CVE-2017-7982 openSUSE Leap 42.2:libplist++-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-1.12-7.3.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-7.3.1 openSUSE Leap 42.2:libplist-1.12-7.3.1 openSUSE Leap 42.2:libplist-devel-1.12-7.3.1 openSUSE Leap 42.2:libplist3-1.12-7.3.1 openSUSE Leap 42.2:libplist3-32bit-1.12-7.3.1 openSUSE Leap 42.2:plistutil-1.12-7.3.1 openSUSE Leap 42.2:python-plist-1.12-7.3.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-05/msg00094.html https://www.suse.com/security/cve/CVE-2017-7982.html CVE-2017-7982 https://bugzilla.suse.com/1035312 SUSE Bug 1035312