Security update for libplist
This update for libplist addresses the following vulnerabilities:
- CVE-2017-5545: OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610)
- CVE-2017-5209: base64decode function could have allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1019531
VUL-1: CVE-2017-5209: libplist: base64decode buffer over-read via split encoded Apple Property List data
bnc#1021610
VUL-1: CVE-2017-5545: libplist: invalid read on too short input files
