-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0728
                        libusbmuxd security update
                             28 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libusbmuxd
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5104  

Reference:         ESB-2016.1570
                   ESB-2020.0727

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libusbmuxd
Version        : 1.0.9-1+deb8u1
CVE ID         : CVE-2016-5104
Debian Bug     : 825554

It was discovered that libusbmuxd incorrectly handled socket
permissions. A remote attacker could use this issue to access
services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version
1.0.9-1+deb8u1.

We recommend that you upgrade your libusbmuxd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5YPb4ACgkQYS7xYT4F
D1TEIg/9GuzK8IIrJvpD8sDS0ihn0YNeOjIMPKQ1sij+ihQ3vTGIW7vixUaTLIXg
H151hhyefKmxhoJ/ArdreZ8gip/XqWDril2g2i/7B8tH1mU0sYCTfueGeeayHflk
qua+5LQoviLIcH0nu2fN4dRKIY12A6va9vpEIa8nd7M/jeKGaiOOkGXqtyKTJnyE
tWRzCgaZ/PVGXF9Jx6nLmynCPZdBjbrPxrNr5cxqAJhardNCMFY0HepWfyLGOjyt
4CNbx5idAw89xL+T6M5rV+zQ3Eq8tuDhLNhUkFHNaJknlJBszUUHghG4tuwHoCAT
bjUBN1mW+2DwK5Ym2BJGRi32EDSVEi2IX5AkNx5cxetpHtkXwMN3BcwEUAPN4HtV
enBOBKj6jLnNSCBTeCnazonRaRijyreJ17rAPK1oiJcAzr64Qqs8yA//+DgBeEHW
ommCW6K8TEao+YGLLLfBHkxNP5i1Tm9kzK432zdYjB3c2ix6KBOVmAKIM/1zPXmg
xk1kw9f4pFmu4T4BPxtf89Amf5x7m9BkKPlWG3yxdl1ab7DELzWtdEAZcher0OGc
t5Fc71TcUvujUAmdFtV9eoQH0v22tX2S4MvUJZj/L4E2rVkj2E+ZSq9KFx6Hi4Z1
gKQio9vdU39AWZQvEBSTdA6BtAwgsaVnSZObDW3mFAewv/WzFck=
=bvjO
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXliZXWaOgq3Tt24GAQg8Ww//SnjiMhaWMmrIaJ/ppKQ6BhLcAA/F5Ebm
FTNq+NEZPH3da1N13LHQK7QzJ7pIROZZvyJ+5N28EjrPS/S6qnjC/e7Rql+v66dp
WGBb7whAJNajxx6h74cz9klcIVXk+g/PkdhNjMpYgh8YhPO5ZEUtF6v8RaUhB/l+
7/oNzYon009KrQnl1pyGhxBReTZrYbDAnHmOnyWMZ1IeO24Em4d2DxAwLLjEIeKu
1RNcS0AXkJQjunlJDszwxhUn1PsOgGInK7cRYPK9bF7HelOxbVLbgQRGtZNpEtp5
25+o0I9y5qtq8b1P+JI7+WqC+DzizR6rC7Pb9gZn2DEv/WFtwatpHtYyBjN5V67y
XnkHwyUCUYQtFEd3tVaE8fktPnh7nPFTmVPQ1lEt2505Cj76XPZ4VeU2k9TYnGIX
wlxYizEwf2fQMcp8dpA5FVqbyDhXnaB31yKUx8gfxMBUjBOcPtDmZdLfDzZ+4r5r
N6877bhAjEUJ+i5OqyuAqDvrNmSgVHBTrBOV3aq6WNwy6NH6ybTptwaWJhbwze4I
0ozh5J5si+zRS3GLGEEzkoavL2QkV6JoB87zVP3aLM8LMDeNwdFESngDrIGUWC7+
Gg1IkufmcY325OiQVBzbjPdEOxMMCnEbgLWN60jSRbkYA+w+mOINrUcDPQHwGN88
BGJ1I6EwO74=
=3k9Y
-----END PGP SIGNATURE-----