[SECURITY] [DLA 2122-1] libusbmuxd security update

2020-02-2722:08:52

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

Package : libusbmuxd
Version : 1.0.9-1+deb8u1
CVE ID : CVE-2016-5104
Debian Bug : 825554

It was discovered that libusbmuxd incorrectly handled socket
permissions. A remote attacker could use this issue to access
services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version
1.0.9-1+deb8u1.

We recommend that you upgrade your libusbmuxd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8amd64libimobiledevice4< 1.1.6+dfsg-3.1+deb8u1libimobiledevice4_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian8amd64libimobiledevice-dev< 1.1.6+dfsg-3.1+deb8u1libimobiledevice-dev_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian8armhflibusbmuxd2< 1.0.9-1+deb8u1libusbmuxd2_1.0.9-1+deb8u1_armhf.deb
Debian8armhflibusbmuxd-dev< 1.0.9-1+deb8u1libusbmuxd-dev_1.0.9-1+deb8u1_armhf.deb
Debian8amd64libimobiledevice-utils< 1.1.6+dfsg-3.1+deb8u1libimobiledevice-utils_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian8i386libusbmuxd-dev< 1.0.9-1+deb8u1libusbmuxd-dev_1.0.9-1+deb8u1_i386.deb
Debian8armellibusbmuxd2-dbg< 1.0.9-1+deb8u1libusbmuxd2-dbg_1.0.9-1+deb8u1_armel.deb
Debian8i386libimobiledevice-dev< 1.1.6+dfsg-3.1+deb8u1libimobiledevice-dev_1.1.6+dfsg-3.1+deb8u1_i386.deb
Debian8armhflibimobiledevice-utils< 1.1.6+dfsg-3.1+deb8u1libimobiledevice-utils_1.1.6+dfsg-3.1+deb8u1_armhf.deb
Debian8armellibusbmuxd-tools< 1.0.9-1+deb8u1libusbmuxd-tools_1.0.9-1+deb8u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	libimobiledevice4	< 1.1.6+dfsg-3.1+deb8u1	libimobiledevice4_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian	8	amd64	libimobiledevice-dev	< 1.1.6+dfsg-3.1+deb8u1	libimobiledevice-dev_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian	8	armhf	libusbmuxd2	< 1.0.9-1+deb8u1	libusbmuxd2_1.0.9-1+deb8u1_armhf.deb
Debian	8	armhf	libusbmuxd-dev	< 1.0.9-1+deb8u1	libusbmuxd-dev_1.0.9-1+deb8u1_armhf.deb
Debian	8	amd64	libimobiledevice-utils	< 1.1.6+dfsg-3.1+deb8u1	libimobiledevice-utils_1.1.6+dfsg-3.1+deb8u1_amd64.deb
Debian	8	i386	libusbmuxd-dev	< 1.0.9-1+deb8u1	libusbmuxd-dev_1.0.9-1+deb8u1_i386.deb
Debian	8	armel	libusbmuxd2-dbg	< 1.0.9-1+deb8u1	libusbmuxd2-dbg_1.0.9-1+deb8u1_armel.deb
Debian	8	i386	libimobiledevice-dev	< 1.1.6+dfsg-3.1+deb8u1	libimobiledevice-dev_1.1.6+dfsg-3.1+deb8u1_i386.deb
Debian	8	armhf	libimobiledevice-utils	< 1.1.6+dfsg-3.1+deb8u1	libimobiledevice-utils_1.1.6+dfsg-3.1+deb8u1_armhf.deb
Debian	8	armel	libusbmuxd-tools	< 1.0.9-1+deb8u1	libusbmuxd-tools_1.0.9-1+deb8u1_armel.deb