[SECURITY] Fedora 16 Update: usbmuxd-1.0.7-3.fc16

updates at fedoraproject.org updates at fedoraproject.org
Fri Feb 17 23:54:23 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1192
2012-02-02 16:54:40
--------------------------------------------------------------------------------

Name        : usbmuxd
Product     : Fedora 16
Version     : 1.0.7
Release     : 3.fc16
URL         : http://marcansoft.com/uploads/
Summary     : Daemon for communicating with Apple's iPod Touch and iPhone
Description :
usbmuxd is a daemon used for communicating with Apple's iPod Touch and iPhone
devices. It allows multiple services on the device to be accessed
simultaneously.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2012-0065

It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  2 2012 Peter Robinson <pbrobinson at fedoraproject.org> - 1.0.7-3
- Add debian patch for CVE-2012-0065. Fixes RHBZ 783523
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #783523 - CVE-2012-0065 usbmuxd 1.0.7 receive_packet() Buffer Overflow Vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=783523
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update usbmuxd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list