Security update for libplist
This update for libplist fixes the following issues:
- CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531).
- CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed (bsc#1023848)
- CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822)
- CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807)
-
Submitted by
Antonio Larrosa (alarrosa)
Fixed bugs
bnc#1023848
VUL-1: CVE-2017-5834: libplist: Heap-buffer overflow in parse_dict_node
bnc#1023822
VUL-1: CVE-2017-5835: libplist: Memory allocation error leading to DoS
bnc#1023807
VUL-1: CVE-2017-5836: libplist: Type inconsistency in bplist.c
bnc#1019531
VUL-1: CVE-2017-5209: libplist: base64decode buffer over-read via split encoded Apple Property List data
