Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
patchinfo.4090
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.4090
<patchinfo incident="4090"> <issue id="1023822" tracker="bnc">VUL-1: CVE-2017-5835: libplist: Memory allocation error leading to DoS</issue> <issue id="1023807" tracker="bnc">VUL-1: CVE-2017-5836: libplist: Type inconsistency in bplist.c</issue> <issue id="1021610" tracker="bnc">VUL-1: CVE-2017-5545: libplist: invalid read on too short input files</issue> <issue id="1035312" tracker="bnc">VUL-1: CVE-2017-7982: libimobiledevice: denial of service (heap-based buffer over-read and application crash) via a crafted plist file</issue> <issue id="1019531" tracker="bnc">VUL-1: CVE-2017-5209: libplist: base64decode buffer over-read via split encoded Apple Property List data</issue> <issue id="1029631" tracker="bnc">VUL-0: CVE-2017-6440: libplist: crafted plist file could lead to denial of service</issue> <issue id="1023848" tracker="bnc">VUL-1: CVE-2017-5834: libplist: Heap-buffer overflow in parse_dict_node</issue> <issue id="2017-6440" tracker="cve" /> <issue id="2017-7982" tracker="cve" /> <issue id="2017-5545" tracker="cve" /> <issue id="2017-5209" tracker="cve" /> <issue id="2017-5834" tracker="cve" /> <issue id="2017-5835" tracker="cve" /> <issue id="2017-5836" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>mgorse</packager> <description> This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciou crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) </description> <summary>Security update for libplist</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
