5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.9%
Issue Overview:
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. (CVE-2015-10082)
Affected Packages:
libplist
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libplist to update your system.
New Packages:
aarch64:
libplist-1.12-3.amzn2.0.3.aarch64
libplist-devel-1.12-3.amzn2.0.3.aarch64
libplist-python-1.12-3.amzn2.0.3.aarch64
libplist-debuginfo-1.12-3.amzn2.0.3.aarch64
i686:
libplist-1.12-3.amzn2.0.3.i686
libplist-devel-1.12-3.amzn2.0.3.i686
libplist-python-1.12-3.amzn2.0.3.i686
libplist-debuginfo-1.12-3.amzn2.0.3.i686
src:
libplist-1.12-3.amzn2.0.3.src
x86_64:
libplist-1.12-3.amzn2.0.3.x86_64
libplist-devel-1.12-3.amzn2.0.3.x86_64
libplist-python-1.12-3.amzn2.0.3.x86_64
libplist-debuginfo-1.12-3.amzn2.0.3.x86_64
Red Hat: CVE-2015-10082
Mitre: CVE-2015-10082
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | libplist | < 1.12-3.amzn2.0.3 | libplist-1.12-3.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libplist-devel | < 1.12-3.amzn2.0.3 | libplist-devel-1.12-3.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libplist-python | < 1.12-3.amzn2.0.3 | libplist-python-1.12-3.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | aarch64 | libplist-debuginfo | < 1.12-3.amzn2.0.3 | libplist-debuginfo-1.12-3.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | i686 | libplist | < 1.12-3.amzn2.0.3 | libplist-1.12-3.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | i686 | libplist-devel | < 1.12-3.amzn2.0.3 | libplist-devel-1.12-3.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | i686 | libplist-python | < 1.12-3.amzn2.0.3 | libplist-python-1.12-3.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | i686 | libplist-debuginfo | < 1.12-3.amzn2.0.3 | libplist-debuginfo-1.12-3.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | x86_64 | libplist | < 1.12-3.amzn2.0.3 | libplist-1.12-3.amzn2.0.3.x86_64.rpm |
Amazon Linux | 2 | x86_64 | libplist-devel | < 1.12-3.amzn2.0.3 | libplist-devel-1.12-3.amzn2.0.3.x86_64.rpm |
5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.9%