FEDORA-2017-4047180cd3 created by pbrobinson 3 years ago for Fedora 25
stable

Version 2.0.0

Changes:

  • New light-weight custom XML parser
  • Remove libxml2 dependency
  • Refactor binary plist parsing
  • Improved malformed XML and binary plist detection and error handling
  • Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables
  • Fix unicode character handling
  • Add PLIST_IS_* helper macros for the different node types
  • Extend date/time range and fix date conversion issues
  • Add plist_is_binary() and plist_from_memory() functions to the interface
  • Plug several memory leaks
  • Speed improvements for handling large plist files

Includes security fixes for:

  • CVE-2017-6440
  • CVE-2017-6439
  • CVE-2017-6438
  • CVE-2017-6437
  • CVE-2017-6436
  • CVE-2017-6435
  • CVE-2017-5836
  • CVE-2017-5835
  • CVE-2017-5834
  • CVE-2017-5545
  • CVE-2017-5209

... and several others that didn't receive any CVE (yet).

How to install

sudo dnf upgrade --advisory=FEDORA-2017-4047180cd3

This update has been submitted for testing by pbrobinson.

3 years ago

This update has been pushed to testing.

3 years ago
filiperosset commented & provided feedback 3 years ago

no regressions noted

cserpentis commented & provided feedback 3 years ago

works for me

jayjayjazz commented & provided feedback 3 years ago

Works fine on x86_64.

akinsola commented & provided feedback 3 years ago

no regressions noted

sassam commented & provided feedback 3 years ago

Works for me.

This update has been submitted for stable by pbrobinson.

3 years ago
jayjayjazz commented & provided feedback 3 years ago

Works fine x86_64.

This update has been pushed to stable.

3 years ago


Metadata

Type: security
Karma: 5
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates

submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago

BZ#1412613 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data
BZ#1412614 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data [fedora-all]
BZ#1416008 CVE-2017-5545 libplist: Heap-buffer overflow in plistutil [fedora-all]
BZ#1418597 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 libplist: various flaws [fedora-all]
BZ#1432951 CVE-2017-6436 libplist: Integer overflow in parse_string_node
BZ#1432954 CVE-2017-6437 libplist: Out-of-bounds heap read in base64encode function
BZ#1432956 CVE-2017-6438 libplist: Heap-based buffer overflow in parse_unicode_node
BZ#1432959 CVE-2017-6439 libplist: Heap-based buffer overflow in parse_string_node
BZ#1432965 CVE-2017-6440 libplist: Memory allocation error in parse_data_node
BZ#1432971 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 libplist: various flaws [fedora-all]
