Security update for libplist SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0428-1 Final 1 1 2017-02-09T07:14:41Z current 2017-02-09T07:14:41Z 2017-02-09T07:14:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libplist This update for libplist addresses the following vulnerabilities: - CVE-2017-5545: OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610) - CVE-2017-5209: base64decode function could have allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-02/msg00046.html E-Mail link for openSUSE-SU-2017:0428-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 libplist-1.12-5.1 libplist++-devel-1.12-5.1 libplist++3-1.12-5.1 libplist++3-32bit-1.12-5.1 libplist-devel-1.12-5.1 libplist3-1.12-5.1 libplist3-32bit-1.12-5.1 plistutil-1.12-5.1 python-plist-1.12-5.1 libplist-1.12-5.1 as a component of openSUSE Leap 42.1 libplist++-devel-1.12-5.1 as a component of openSUSE Leap 42.1 libplist++3-1.12-5.1 as a component of openSUSE Leap 42.1 libplist++3-32bit-1.12-5.1 as a component of openSUSE Leap 42.1 libplist-devel-1.12-5.1 as a component of openSUSE Leap 42.1 libplist3-1.12-5.1 as a component of openSUSE Leap 42.1 libplist3-32bit-1.12-5.1 as a component of openSUSE Leap 42.1 plistutil-1.12-5.1 as a component of openSUSE Leap 42.1 python-plist-1.12-5.1 as a component of openSUSE Leap 42.1 libplist-1.12-5.1 as a component of openSUSE Leap 42.2 libplist++-devel-1.12-5.1 as a component of openSUSE Leap 42.2 libplist++3-1.12-5.1 as a component of openSUSE Leap 42.2 libplist++3-32bit-1.12-5.1 as a component of openSUSE Leap 42.2 libplist-devel-1.12-5.1 as a component of openSUSE Leap 42.2 libplist3-1.12-5.1 as a component of openSUSE Leap 42.2 libplist3-32bit-1.12-5.1 as a component of openSUSE Leap 42.2 plistutil-1.12-5.1 as a component of openSUSE Leap 42.2 python-plist-1.12-5.1 as a component of openSUSE Leap 42.2 The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. CVE-2017-5209 openSUSE Leap 42.1:libplist++-devel-1.12-5.1 openSUSE Leap 42.1:libplist++3-1.12-5.1 openSUSE Leap 42.1:libplist++3-32bit-1.12-5.1 openSUSE Leap 42.1:libplist-1.12-5.1 openSUSE Leap 42.1:libplist-devel-1.12-5.1 openSUSE Leap 42.1:libplist3-1.12-5.1 openSUSE Leap 42.1:libplist3-32bit-1.12-5.1 openSUSE Leap 42.1:plistutil-1.12-5.1 openSUSE Leap 42.1:python-plist-1.12-5.1 openSUSE Leap 42.2:libplist++-devel-1.12-5.1 openSUSE Leap 42.2:libplist++3-1.12-5.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-5.1 openSUSE Leap 42.2:libplist-1.12-5.1 openSUSE Leap 42.2:libplist-devel-1.12-5.1 openSUSE Leap 42.2:libplist3-1.12-5.1 openSUSE Leap 42.2:libplist3-32bit-1.12-5.1 openSUSE Leap 42.2:plistutil-1.12-5.1 openSUSE Leap 42.2:python-plist-1.12-5.1 moderate 4.3 AV:A/AC:M/Au:N/C:P/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00046.html https://www.suse.com/security/cve/CVE-2017-5209.html CVE-2017-5209 https://bugzilla.suse.com/1019531 SUSE Bug 1019531 https://bugzilla.suse.com/1021610 SUSE Bug 1021610 The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. CVE-2017-5545 openSUSE Leap 42.1:libplist++-devel-1.12-5.1 openSUSE Leap 42.1:libplist++3-1.12-5.1 openSUSE Leap 42.1:libplist++3-32bit-1.12-5.1 openSUSE Leap 42.1:libplist-1.12-5.1 openSUSE Leap 42.1:libplist-devel-1.12-5.1 openSUSE Leap 42.1:libplist3-1.12-5.1 openSUSE Leap 42.1:libplist3-32bit-1.12-5.1 openSUSE Leap 42.1:plistutil-1.12-5.1 openSUSE Leap 42.1:python-plist-1.12-5.1 openSUSE Leap 42.2:libplist++-devel-1.12-5.1 openSUSE Leap 42.2:libplist++3-1.12-5.1 openSUSE Leap 42.2:libplist++3-32bit-1.12-5.1 openSUSE Leap 42.2:libplist-1.12-5.1 openSUSE Leap 42.2:libplist-devel-1.12-5.1 openSUSE Leap 42.2:libplist3-1.12-5.1 openSUSE Leap 42.2:libplist3-32bit-1.12-5.1 openSUSE Leap 42.2:plistutil-1.12-5.1 openSUSE Leap 42.2:python-plist-1.12-5.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00046.html https://www.suse.com/security/cve/CVE-2017-5545.html CVE-2017-5545 https://bugzilla.suse.com/1021610 SUSE Bug 1021610