stable

libplist-2.0.0-1.fc24

FEDORA-2017-3849af4477 created by pbrobinson 7 years ago for Fedora 24

Version 2.0.0

Changes:

  • New light-weight custom XML parser
  • Remove libxml2 dependency
  • Refactor binary plist parsing
  • Improved malformed XML and binary plist detection and error handling
  • Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables
  • Fix unicode character handling
  • Add PLIST_IS_* helper macros for the different node types
  • Extend date/time range and fix date conversion issues
  • Add plist_is_binary() and plist_from_memory() functions to the interface
  • Plug several memory leaks
  • Speed improvements for handling large plist files

Includes security fixes for:

  • CVE-2017-6440
  • CVE-2017-6439
  • CVE-2017-6438
  • CVE-2017-6437
  • CVE-2017-6436
  • CVE-2017-6435
  • CVE-2017-5836
  • CVE-2017-5835
  • CVE-2017-5834
  • CVE-2017-5545
  • CVE-2017-5209

... and several others that didn't receive any CVE (yet).

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-3849af4477

This update has been submitted for testing by pbrobinson.

7 years ago

This update has been pushed to testing.

7 years ago

filiperosset commented & provided feedback 7 years ago

no regressions noted

pwhalen commented & provided feedback 7 years ago

Looks good.

This update has been submitted for stable by pbrobinson.

7 years ago

This update has been pushed to stable.

7 years ago


Metadata
Type: security
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 7 years ago
in testing: 7 years ago
in stable: 7 years ago

BZ#1412613 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data
BZ#1412614 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data [fedora-all]
BZ#1416008 CVE-2017-5545 libplist: Heap-buffer overflow in plistutil [fedora-all]
BZ#1418597 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 libplist: various flaws [fedora-all]
BZ#1432951 CVE-2017-6436 libplist: Integer overflow in parse_string_node
BZ#1432954 CVE-2017-6437 libplist: Out-of-bounds heap read in base64encode function
BZ#1432956 CVE-2017-6438 libplist: Heap-based buffer overflow in parse_unicode_node
BZ#1432959 CVE-2017-6439 libplist: Heap-based buffer overflow in parse_string_node
BZ#1432965 CVE-2017-6440 libplist: Memory allocation error in parse_data_node
BZ#1432971 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 libplist: various flaws [fedora-all]