-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1199
                         libplist security update
                               3 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libplist
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7982 CVE-2017-6439 CVE-2017-6436
                   CVE-2017-6435 CVE-2017-5835 CVE-2017-5834
                   CVE-2017-5545 CVE-2017-5209 

Reference:         ESB-2017.2431

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2168

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libplist
Version        : 1.11-3+deb8u1
CVE ID         : CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835
                 CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982
Debian Bug     : 851196 852385 854000 860945


libplist is a library for reading and writing Apple property lists in both the
binary (bplist) and XML formats. It is part of the libimobiledevice stack,
which provides access to iDevices (iPod, iPhone, iPad ...).

CVE-2017-5209

    The base64decode function in base64.c allows attackers to obtain sensitive
    information from process memory or cause a denial of service (buffer
    over-read) via split encoded Apple Property List data.

CVE-2017-5545

    The main function in plistutil.c allows attackers to obtain sensitive
    information from process memory or cause a denial of service (buffer
    over-read) via Apple Property List data that is too short.

CVE-2017-5834

    The parse_dict_node function in bplist.c allows attackers to cause a denial
    of service (out-of-bounds heap read and crash) via a crafted file.

CVE-2017-5835

    libplist allows attackers to cause a denial of service (large memory
    allocation and crash) via vectors involving an offset size of zero.

CVE-2017-6435

    The parse_string_node function in bplist.c allows local users to cause a
    denial of service (memory corruption) via a crafted plist file.

CVE-2017-6436

    The parse_string_node function in bplist.c allows local users to cause a
    denial of service (memory allocation error) via a crafted plist file.

CVE-2017-6439

    Heap-based buffer overflow in the parse_string_node function in bplist.c
    allows local users to cause a denial of service (out-of-bounds write) via
    a crafted plist file.

CVE-2017-7982

    Integer overflow in the plist_from_bin function in bplist.c allows remote
    attackers to cause a denial of service (heap-based buffer over-read and
    application crash) via a crafted plist file.
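
Several of the bplist.c entries above (the offset size of zero in CVE-2017-5835,
the integer overflow in plist_from_bin in CVE-2017-7982, the out-of-bounds reads
in the node parsers, and the too-short input of CVE-2017-5545) come down to the
same habit: length, count and offset fields read from the file are used to size
allocations and index the offset table before being checked against the buffer.
The following is an added example written for this bulletin, not libplist source
and not the Debian patch, showing the checks a hardened reader makes on the
32-byte bplist00 trailer before it touches the offset table. The trailer layout
is the public binary plist format; the function names and the 44-byte sample
file are constructed for illustration.

```c
/* Added example, not libplist code: validate the 32-byte trailer of an Apple binary
 * property list ("bplist00") before trusting its offset table. The layout is the
 * public bplist format; the checks map onto this advisory's failure classes: input
 * too short, offset size of zero, overflow when sizing the table, bad object offsets. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BPLIST_MAGIC     "bplist00"
#define BPLIST_MAGIC_LEN 8u
#define BPLIST_TRL_LEN   32u

typedef struct {
    uint8_t  offset_size;         /* bytes per offset-table entry, 1..8 */
    uint8_t  ref_size;            /* bytes per object reference, 1..8 */
    uint64_t num_objects;
    uint64_t top_object;
    uint64_t offset_table_offset; /* absolute position of the offset table */
} bplist_trailer;

/* Big-endian load of n (1..8) bytes. */
static uint64_t load_be(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Returns 0 and fills *out, or a negative code naming the first failed check. */
int bplist_check_trailer(const uint8_t *buf, size_t len, bplist_trailer *out)
{
    if (len < BPLIST_MAGIC_LEN + BPLIST_TRL_LEN) return -1;   /* too short for magic + trailer */
    if (memcmp(buf, BPLIST_MAGIC, BPLIST_MAGIC_LEN) != 0) return -2;
    const uint8_t *trl = buf + len - BPLIST_TRL_LEN;         /* trl[0..5]: unused, sort version */
    bplist_trailer t;
    t.offset_size = trl[6]; t.ref_size = trl[7];
    t.num_objects         = load_be(trl + 8, 8);
    t.top_object          = load_be(trl + 16, 8);
    t.offset_table_offset = load_be(trl + 24, 8);
    if (t.offset_size == 0 || t.offset_size > 8) return -3;  /* zero here breaks every size computation */
    if (t.ref_size == 0 || t.ref_size > 8) return -4;
    if (t.num_objects == 0 || t.top_object >= t.num_objects) return -5;
    size_t table_limit = len - BPLIST_TRL_LEN;               /* table must end before the trailer */
    if (t.offset_table_offset < BPLIST_MAGIC_LEN || t.offset_table_offset >= table_limit) return -6;
    /* num_objects * offset_size must fit; compare by division so nothing can wrap. */
    if (t.num_objects > (table_limit - t.offset_table_offset) / t.offset_size) return -7;
    *out = t; return 0;
}

/* Fetch object 'index' from a validated table. The multiply cannot overflow:
 * bplist_check_trailer already bounded num_objects * offset_size by len. */
int bplist_object_offset(const uint8_t *buf, const bplist_trailer *t, uint64_t index, uint64_t *off)
{
    if (index >= t->num_objects) return -1;
    uint64_t o = load_be(buf + t->offset_table_offset + index * t->offset_size, t->offset_size);
    if (o < BPLIST_MAGIC_LEN || o >= t->offset_table_offset) return -2; /* outside the object area */
    *off = o; return 0;
}

/* Constructed sample: one ASCII string "hi" (marker 0x52) at offset 8, a one-byte
 * offset table at 11, trailer at 12, 44 bytes total. Trailer fields come from the
 * caller so malformed variants can be produced. */
size_t build_sample(uint8_t out[44], uint8_t offset_size, uint64_t num_objects)
{
    memset(out, 0, 44);
    memcpy(out, BPLIST_MAGIC, BPLIST_MAGIC_LEN);
    out[8] = 0x52; out[9] = 'h'; out[10] = 'i';
    out[11] = 0x08;                                          /* offset table: object 0 at 8 */
    uint8_t *trl = out + 12;
    trl[6] = offset_size;
    trl[7] = 1;                                              /* ref_size */
    for (int i = 0; i < 8; i++) trl[8 + i] = (uint8_t)(num_objects >> (8 * (7 - i)));
    trl[31] = 11;                                            /* offset_table_offset; top_object stays 0 */
    return 44;
}

/* Build a sample, hand the first 'len' bytes to the checker, return its verdict. */
int sample_check(uint8_t offset_size, uint64_t num_objects, size_t len)
{
    uint8_t buf[44]; bplist_trailer t;
    build_sample(buf, offset_size, num_objects);
    return bplist_check_trailer(buf, len, &t);
}

/* Offset of object 0 in the well-formed sample, or -1 if anything is rejected. */
long long sample_object0_offset(void)
{
    uint8_t buf[44]; bplist_trailer t; uint64_t off;
    if (bplist_check_trailer(buf, build_sample(buf, 1, 1), &t) != 0 ||
        bplist_object_offset(buf, &t, 0, &off) != 0) return -1;
    return (long long)off;
}

int main(void)
{
    printf("well-formed %d, truncated %d, offset_size 0 %d, huge num_objects %d, object 0 at %lld\n",
           sample_check(1, 1, 44), sample_check(1, 1, 20), sample_check(0, 1, 44),
           sample_check(1, UINT64_MAX, 44), sample_object0_offset());
    return 0;
}
```

The point of the division in the last trailer check is that num_objects and
offset_size are attacker-controlled 64-bit and 8-bit values; multiplying them
and comparing the product against the buffer length is exactly the step that
wraps, whereas dividing the space actually available by offset_size cannot.
Once the trailer has passed, every later table read is bounded by values that
were checked against the real buffer, not against the file's own claims.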

For Debian 8 "Jessie", these problems have been fixed in version
1.11-3+deb8u1.

We recommend that you upgrade your libplist packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----