Overview

File _patchinfo of Package patchinfo.6403

<patchinfo incident="6403">
  <issue id="1023848" tracker="bnc">VUL-1: CVE-2017-5834: libplist: Heap-buffer overflow in parse_dict_node</issue>
  <issue id="1023822" tracker="bnc">VUL-1: CVE-2017-5835: libplist: Memory allocation error leading to DoS</issue>
  <issue id="1023807" tracker="bnc">VUL-1: CVE-2017-5836: libplist: Type inconsistency in bplist.c</issue>
  <issue id="1019531" tracker="bnc">VUL-1: CVE-2017-5209: libplist: base64decode buffer over-read via split encoded Apple Property List data</issue>
  <issue id="2017-5209" tracker="cve" />
  <issue id="2017-5834" tracker="cve" />
  <issue id="2017-5835" tracker="cve" />
  <issue id="2017-5836" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>alarrosa</packager>
  <description>
This update for libplist fixes the following issues:

- CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531).
- CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed (bsc#1023848)
- CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822)
- CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807)

</description>
  <summary>Security update for libplist</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places