Oval Definition:	oval:org.opensuse.security:def:58689
Revision Date: 2020-12-01 Version: 1 Title: Security update for libplist (Moderate) Description: This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciou crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) Family: unix Class: patch Status: Reference(s): 1019531 1021610 1023415 1023807 1023822 1023848 1029631 1034674 1034678 1035312 1038709 1038711 1038713 1059061 1064232 1067203 1072193 1073935 1076110 1076119 1076391 1077999 1083635 1085042 1086652 1087081 1087932 1089343 1090123 1091171 1094248 1096130 1096480 1096978 1097140 1097551 1098016 1098425 1098435 1099310 1099924 1100089 1100416 1100418 1100491 1101557 1102340 1102851 1103097 1103119 1103580 1107832 1110233 1122292 1122293 1122299 1128158 1133375 1153332 1172798 1172846 1173659 1173942 1173972 1174247 1174753 1174817 1175168 929629 987170 990636 995374 CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 CVE-2014-8146 CVE-2014-8147 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-8079 CVE-2016-6252 CVE-2016-6293 CVE-2016-6329 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-18344 CVE-2017-3144 CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7478 CVE-2017-7479 CVE-2017-7867 CVE-2017-7868 CVE-2017-7982 CVE-2018-11212 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14633 CVE-2018-14734 CVE-2018-16301 CVE-2018-17182 CVE-2018-1890 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5711 CVE-2018-5814 CVE-2018-9385 CVE-2019-15165 CVE-2019-16746 CVE-2019-2422 CVE-2019-2449 CVE-2019-9928 CVE-2020-11668 CVE-2020-13844 CVE-2020-14331 SUSE-SU-2017:1379-1 SUSE-SU-2017:1622-1 SUSE-SU-2018:0260-1 SUSE-SU-2018:0532-1 SUSE-SU-2018:1401-1 SUSE-SU-2018:1997-1 SUSE-SU-2018:2344-2 SUSE-SU-2019:0617-1 SUSE-SU-2019:2669-1 SUSE-SU-2020:3263-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND chrony-3.2-lp150.5 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libmodplug-devel-0.3.19-lp151.2.6 is installed OR libmodplug1-0.3.19-lp151.2.6 is installed OR libmodplug1-32bit-0.3.19-lp151.2.6 is installed OR libopenmpt-0.3.19-lp151.2.6 is installed OR libopenmpt-devel-0.3.19-lp151.2.6 is installed OR libopenmpt0-0.3.19-lp151.2.6 is installed OR libopenmpt0-32bit-0.3.19-lp151.2.6 is installed OR libopenmpt_modplug1-0.3.19-lp151.2.6 is installed OR libopenmpt_modplug1-32bit-0.3.19-lp151.2.6 is installed OR openmpt123-0.3.19-lp151.2.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libplist-1.12-19 is installed OR libplist3-1.12-19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information kernel-default-4.4.121-92.92 is installed OR kernel-default-base-4.4.121-92.92 is installed OR kernel-default-devel-4.4.121-92.92 is installed OR kernel-devel-4.4.121-92.92 is installed OR kernel-macros-4.4.121-92.92 is installed OR kernel-source-4.4.121-92.92 is installed OR kernel-syms-4.4.121-92.92 is installed OR kgraft-patch-4_4_121-92_92-default-1-3.7 is installed OR kgraft-patch-SLE12-SP2_Update_24-1-3.7 is installed OR lttng-modules-2.7.1-9.4 is installed OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.92-9.4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information gstreamer-plugins-base-1.8.3-13.3 is installed OR gstreamer-plugins-base-lang-1.8.3-13.3 is installed OR libgstallocators-1_0-0-1.8.3-13.3 is installed OR libgstapp-1_0-0-1.8.3-13.3 is installed OR libgstapp-1_0-0-32bit-1.8.3-13.3 is installed OR libgstaudio-1_0-0-1.8.3-13.3 is installed OR libgstaudio-1_0-0-32bit-1.8.3-13.3 is installed OR libgstfft-1_0-0-1.8.3-13.3 is installed OR libgstpbutils-1_0-0-1.8.3-13.3 is installed OR libgstpbutils-1_0-0-32bit-1.8.3-13.3 is installed OR libgstriff-1_0-0-1.8.3-13.3 is installed OR libgstrtp-1_0-0-1.8.3-13.3 is installed OR libgstrtsp-1_0-0-1.8.3-13.3 is installed OR libgstsdp-1_0-0-1.8.3-13.3 is installed OR libgsttag-1_0-0-1.8.3-13.3 is installed OR libgsttag-1_0-0-32bit-1.8.3-13.3 is installed OR libgstvideo-1_0-0-1.8.3-13.3 is installed OR libgstvideo-1_0-0-32bit-1.8.3-13.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND shadow-4.2.1-27.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND hardlink-1.0-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND permissions-2015.09.28.1626-17.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_97-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_26-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_97-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_26-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information postgresql96-9.6.10-3.22 is installed OR postgresql96-contrib-9.6.10-3.22 is installed OR postgresql96-docs-9.6.10-3.22 is installed OR postgresql96-libs-9.6.10-3.22 is installed OR postgresql96-server-9.6.10-3.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information mariadb-10.2.18-1 is installed OR mariadb-client-10.2.18-1 is installed OR mariadb-errormessages-10.2.18-1 is installed OR mariadb-tools-10.2.18-1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-Django-1.11.23-3.12 is installed
BACK