Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0728 libusbmuxd security update 28 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libusbmuxd Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-5104 Reference: ESB-2016.1570 ESB-2020.0727 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libusbmuxd Version : 1.0.9-1+deb8u1 CVE ID : CVE-2016-5104 Debian Bug : 825554 It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations. For Debian 8 "Jessie", this problem has been fixed in version 1.0.9-1+deb8u1. We recommend that you upgrade your libusbmuxd packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5YPb4ACgkQYS7xYT4F D1TEIg/9GuzK8IIrJvpD8sDS0ihn0YNeOjIMPKQ1sij+ihQ3vTGIW7vixUaTLIXg H151hhyefKmxhoJ/ArdreZ8gip/XqWDril2g2i/7B8tH1mU0sYCTfueGeeayHflk qua+5LQoviLIcH0nu2fN4dRKIY12A6va9vpEIa8nd7M/jeKGaiOOkGXqtyKTJnyE tWRzCgaZ/PVGXF9Jx6nLmynCPZdBjbrPxrNr5cxqAJhardNCMFY0HepWfyLGOjyt 4CNbx5idAw89xL+T6M5rV+zQ3Eq8tuDhLNhUkFHNaJknlJBszUUHghG4tuwHoCAT bjUBN1mW+2DwK5Ym2BJGRi32EDSVEi2IX5AkNx5cxetpHtkXwMN3BcwEUAPN4HtV enBOBKj6jLnNSCBTeCnazonRaRijyreJ17rAPK1oiJcAzr64Qqs8yA//+DgBeEHW ommCW6K8TEao+YGLLLfBHkxNP5i1Tm9kzK432zdYjB3c2ix6KBOVmAKIM/1zPXmg xk1kw9f4pFmu4T4BPxtf89Amf5x7m9BkKPlWG3yxdl1ab7DELzWtdEAZcher0OGc t5Fc71TcUvujUAmdFtV9eoQH0v22tX2S4MvUJZj/L4E2rVkj2E+ZSq9KFx6Hi4Z1 gKQio9vdU39AWZQvEBSTdA6BtAwgsaVnSZObDW3mFAewv/WzFck= =bvjO - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXliZXWaOgq3Tt24GAQg8Ww//SnjiMhaWMmrIaJ/ppKQ6BhLcAA/F5Ebm FTNq+NEZPH3da1N13LHQK7QzJ7pIROZZvyJ+5N28EjrPS/S6qnjC/e7Rql+v66dp WGBb7whAJNajxx6h74cz9klcIVXk+g/PkdhNjMpYgh8YhPO5ZEUtF6v8RaUhB/l+ 7/oNzYon009KrQnl1pyGhxBReTZrYbDAnHmOnyWMZ1IeO24Em4d2DxAwLLjEIeKu 1RNcS0AXkJQjunlJDszwxhUn1PsOgGInK7cRYPK9bF7HelOxbVLbgQRGtZNpEtp5 25+o0I9y5qtq8b1P+JI7+WqC+DzizR6rC7Pb9gZn2DEv/WFtwatpHtYyBjN5V67y XnkHwyUCUYQtFEd3tVaE8fktPnh7nPFTmVPQ1lEt2505Cj76XPZ4VeU2k9TYnGIX wlxYizEwf2fQMcp8dpA5FVqbyDhXnaB31yKUx8gfxMBUjBOcPtDmZdLfDzZ+4r5r N6877bhAjEUJ+i5OqyuAqDvrNmSgVHBTrBOV3aq6WNwy6NH6ybTptwaWJhbwze4I 0ozh5J5si+zRS3GLGEEzkoavL2QkV6JoB87zVP3aLM8LMDeNwdFESngDrIGUWC7+ Gg1IkufmcY325OiQVBzbjPdEOxMMCnEbgLWN60jSRbkYA+w+mOINrUcDPQHwGN88 BGJ1I6EwO74= =3k9Y -----END PGP SIGNATURE-----