Debian LTS: DLA-2168-1: libplist security update

    Date 02 Apr 2020
    Posted By LinuxSecurity Advisories
    Package        : libplist
    Version        : 1.11-3+deb8u1
    CVE ID         : CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835
                     CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982
    Debian Bug     : 851196 852385 854000 860945
    
    
    libplist is a library for reading and writing the Apple binary and XML
    property list formats. It is part of the libimobiledevice stack, which
    provides access to iDevices (iPod, iPhone, iPad ...).
    
    CVE-2017-5209
    
        The base64decode function in base64.c allows attackers to obtain sensitive
        information from process memory or cause a denial of service (buffer
        over-read) via split encoded Apple Property List data.
    
    CVE-2017-5545
    
        The main function in plistutil.c allows attackers to obtain sensitive
        information from process memory or cause a denial of service (buffer
        over-read) via Apple Property List data that is too short.
    
    CVE-2017-5834
    
        The parse_dict_node function in bplist.c allows attackers to cause a denial
        of service (out-of-bounds heap read and crash) via a crafted file.
    
    CVE-2017-5835
    
        libplist allows attackers to cause a denial of service (large memory
        allocation and crash) via vectors involving an offset size of zero.
    
    CVE-2017-6435
    
        The parse_string_node function in bplist.c allows local users to cause a
        denial of service (memory corruption) via a crafted plist file.
    
    CVE-2017-6436
    
        The parse_string_node function in bplist.c allows local users to cause a
        denial of service (memory allocation error) via a crafted plist file.
    
    CVE-2017-6439
    
        Heap-based buffer overflow in the parse_string_node function in bplist.c
        allows local users to cause a denial of service (out-of-bounds write) via
        a crafted plist file.
    
    CVE-2017-7982
    
        Integer overflow in the plist_from_bin function in bplist.c allows remote
        attackers to cause a denial of service (heap-based buffer over-read and
        application crash) via a crafted plist file.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.11-3+deb8u1.
    
    We recommend that you upgrade your libplist packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
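
The trailer checks that guard against the bug classes named in CVE-2017-5835 (offset size of zero) and CVE-2017-7982 (integer overflow when sizing the offset table), as an added example that is not libplist's code or the Debian patch. It assumes the standard bplist00 layout (8-byte header, 32-byte trailer); the function names `bplist_check_trailer` and `check_sample` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8    /* "bplist00" */
#define TRL_LEN 32   /* 5 unused, sort version, offset size, ref size, 3 x uint64 big-endian */

static uint64_t be64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

/* Returns 0 when the trailer describes an offset table that lies fully inside
 * the buffer, otherwise a negative code identifying the failed check. */
int bplist_check_trailer(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN + TRL_LEN) return -1;   /* input too short */
    if (memcmp(buf, "bplist00", HDR_LEN) != 0) return -2;
    const uint8_t *t = buf + len - TRL_LEN;
    uint8_t offset_size = t[6], ref_size = t[7];
    uint64_t num_objects = be64(t + 8);
    uint64_t root_object = be64(t + 16);
    uint64_t table_off = be64(t + 24);
    uint64_t body_end = len - TRL_LEN;                       /* first trailer byte */
    if (offset_size == 0 || offset_size > 8) return -3;      /* zero would divide or stall */
    if (ref_size == 0 || ref_size > 8) return -4;
    if (num_objects == 0 || root_object >= num_objects) return -5;
    if (table_off < HDR_LEN || table_off >= body_end) return -6;
    /* Divide instead of multiplying: num_objects * offset_size can wrap. */
    if (num_objects > (body_end - table_off) / offset_size) return -7;
    return 0;
}

/* Builds a constructed 42-byte file (header, one object, one-entry offset
 * table, trailer) with the given trailer fields and runs the check on it. */
int check_sample(uint8_t offset_size, uint64_t num_objects) {
    uint8_t f[42] = {0};
    memcpy(f, "bplist00", HDR_LEN);
    f[8] = 0x09;                       /* object 0: boolean true */
    f[9] = 0x08;                       /* offset table: object 0 at byte 8 */
    f[16] = offset_size; f[17] = 1;    /* trailer bytes 6 and 7 */
    for (int i = 0; i < 8; i++) f[18 + i] = (uint8_t)(num_objects >> (56 - 8 * i));
    f[41] = 9;                         /* offset table starts at byte 9 */
    return bplist_check_trailer(f, sizeof f);
}

int main(void) {
    printf("valid=%d zero_offset_size=%d wrapping_count=%d\n", check_sample(1, 1),
           check_sample(0, 1), check_sample(8, 0x2000000000000001ULL));
    return 0;
}
```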
    
