MGASA-2018-0025

The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (CVE-2017-5209).

The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short (CVE-2017-5545).

A heap-buffer overflow in parsedictnode could cause a segmentation fault (CVE-2017-5834).

Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU because of a memory allocation error (CVE-2017-5835).

A type inconsistency in bplist.c could cause the application to crash (CVE-2017-5836).

Crafted plist file could lead to Heap-buffer overflow (CVE-2017-6435).

Integer overflow in parsestringnode (CVE-2017-6436).

The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file (CVE-2017-6437).

Heap-based buffer overflow in the parseunicodenode function (CVE-2017-6438).

Heap-based buffer overflow in the parsestringnode function (CVE-2017-6439).

Ensure that sanity checks work on 32-bit platforms (CVE-2017-6440).

Add some safety checks, backported from upstream (CVE-2017-7982).

The gvfs, ifuse, kodi, libgpod, libimobiledevice, upower, and usbmuxd packages have been rebuilt for the updated libplist.