Articles / Ubuntu: New usbmuxd package...

Ubuntu: New usbmuxd packages fix security vulnerabilities

It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the ‘usbmux’ user. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1354-1
February 01, 2012

usbmuxd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

usbmuxd could be made to crash or run programs if it received specially
crafted input.

Software Description:
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices

Details:

It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
 libusbmuxd1                     1.0.7-1ubuntu0.11.10.1

Ubuntu 11.04:
 libusbmuxd1                     1.0.7-1ubuntu0.11.04.1

In general, a standard system update will make all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1354-1
 CVE-2012-0065

Package Information:
 https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.10.1
 https://launchpad.net/ubuntu/+source/usbmuxd/1.0.7-1ubuntu0.11.04.1
Screenshot

Project Spotlight

FastCRM

A Web-based customer relationship management system.

Screenshot

Project Spotlight

validator.php

A script to automatically validate HTML code generated by a PHP script.