[SECURITY] [DLA 2121-1] libimobiledevice security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2121-1] libimobiledevice security update
From: Dylan Aïssi <daissi@debian.org>
Date: Thu, 27 Feb 2020 22:18:02 +0100
Message-id: <[🔎] CA+6XHwQjyiHKoZoB1+Jbo7+GEEsKxEw=Tq_WE6c9zkEb4rVnZA@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libimobiledevice
Version        : 1.1.6+dfsg-3.1+deb8u1
CVE ID         : CVE-2016-5104
Debian Bug     : 825553

It was discovered that libimobiledevice incorrectly handled socket
permissions. A remote attacker could use this issue to access
services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version
1.1.6+dfsg-3.1+deb8u1.

We recommend that you upgrade your libimobiledevice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5YMccACgkQYS7xYT4F
D1RWqw/+ONun5W90ecKwS1qj2aCf3cpMBXaihdzK6eW5PDdYgTkJy7JsqBBRs0l+
FW3H/8waWIK2+B6qk/gX2QnOOZsHe0R5HDxwymtjEPcldNmY+CL4WnNRjFupwaA9
4IgADOBgxl5D5WDvrJ8x8MJoUxP3SP0FjODpj70Zt9LaWlokUhTuvgL869Ma6pPO
pD2ZvYJoC7gFKv8Yh/ZkeE+wZVQG+ey5fCUQZr/FTXFtoXBdQbO+sTZUXzOXU+Of
Bh1BoEymGwt//jHg3/Z17R3SFvon+Rs3USNq3/OeAUdJTg3Ivef/1kvfK7ODoZeW
dVqITXWf0l+gFmuF79Ew6D0uvX+MAKtSnQDb5XnXH6Y+UQHp2tlz05wKrFHC+nnY
4qlz+d+m8NMCqGi9NpSeVgH2QH3BdyZtYw0ryc98eGaQx1s0UpziAHHEmfFviExi
AWNb6ETyeK1Y9hTEnLQHMHbnf6dBrKFiT+s1C4PRYCoTqsv11HTMiPwL35IGGHo4
LuQ0JJoEj0jN3Wcmvj3aIq6o+4Byxhsa6hHz5k56xsmOMgRKyjPrS2SCxeeLmvyA
NC5IsZP6FmSpzUgb+tjv9EvN4E0rtp8Ir8zKctHGTYqz1yWJyY7okMDVs8vVVybI
7ylmts6Po0t/W4lZhL9aA+onPgvkEI4W8D1LlbzNEOoTvOGnlCo=
=iL6+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2120-1] rake security update
Next by Date: [SECURITY] [DLA 2122-1] libusbmuxd security update
Previous by thread: [SECURITY] [DLA 2120-1] rake security update
Next by thread: [SECURITY] [DLA 2122-1] libusbmuxd security update
Index(es):
- Date
- Thread