FEDORA-2017-4047180cd3

security update in Fedora 25 for libplist

Status: stable 2 years ago

Version 2.0.0

Changes:

  • New light-weight custom XML parser
  • Remove libxml2 dependency
  • Refactor binary plist parsing
  • Improved malformed XML and binary plist detection and error handling
  • Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables
  • Fix Unicode character handling
  • Add PLIST_IS_* helper macros for the different node types
  • Extend date/time range and fix date conversion issues
  • Add plist_is_binary() and plist_from_memory() functions to the interface
  • Plug several memory leaks
  • Speed improvements for handling large plist files

Includes security fixes for:

  • CVE-2017-6440
  • CVE-2017-6439
  • CVE-2017-6438
  • CVE-2017-6437
  • CVE-2017-6436
  • CVE-2017-6435
  • CVE-2017-5836
  • CVE-2017-5835
  • CVE-2017-5834
  • CVE-2017-5545
  • CVE-2017-5209

... and several others that didn't receive any CVE (yet).

Comments 10

This update has been submitted for testing by pbrobinson.

This update has been pushed to testing.

no regressions noted

karma: +1

works for me

karma: +1

Works fine on x86_64.

karma: +1 critpath: +1

no regressions noted

karma: +1

Works for me.

karma: +1 critpath: +1

This update has been submitted for stable by pbrobinson.

Works fine x86_64.

karma: +1 critpath: +1

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +5 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 10

  • #1412613 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data
  • #1412614 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data [fedora-all]
  • #1416008 CVE-2017-5545 libplist: Heap-buffer overflow in plistutil [fedora-all]
  • #1418597 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 libplist: various flaws [fedora-all]
  • #1432951 CVE-2017-6436 libplist: Integer overflow in parse_string_node
  • #1432954 CVE-2017-6437 libplist: Out-of-bounds heap read in base64encode function
  • #1432956 CVE-2017-6438 libplist: Heap-based buffer overflow in parse_unicode_node
  • #1432959 CVE-2017-6439 libplist: Heap-based buffer overflow in parse_string_node
  • #1432965 CVE-2017-6440 libplist: Memory allocation error in parse_data_node
  • #1432971 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 libplist: various flaws [fedora-all]
