Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in usbmuxd
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in usbmuxd
ID: FEDORA-2012-1213
Distribution: Fedora
Plattformen: Fedora 15
Datum: Sa, 18. Februar 2012, 17:28
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065
Applikationen: usbmuxd

Originalnachricht

Name        : usbmuxd
Product : Fedora 15
Version : 1.0.7
Release : 3.fc15
URL : http://marcansoft.com/uploads/
Summary : Daemon for communicating with Apple's iPod Touch and iPhone
Description :
usbmuxd is a daemon used for communicating with Apple's iPod Touch and
iPhone
devices. It allows multiple services on the device to be accessed
simultaneously.

-------------------------------------------------------------------------------
-
Update Information:

Fixes CVE-2012-0065

It was discovered that usbmuxd did not correctly perform bounds checking when
processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Feb 2 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 1.0.7-3
- Add debian patch for CVE-2012-0065. Fixes RHBZ 783523
* Sat Jan 14 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #783523 - CVE-2012-0065 usbmuxd 1.0.7 receive_packet() Buffer
Overflow Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=783523
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update usbmuxd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung