MDVSA-2012:133

Package name

usbmuxd

Date

2012-08-16

Advisory ID

MDVSA-2012:133

Affected versions

2011 i586 , 2011 x86_64

Problem description

It was discovered that usbmuxd did not correctly perform bounds
checking when processing the SerialNumber field of USB devices. An
attacker with physical access could use this to crash usbmuxd
or potentially execute arbitrary code as the 'usbmux' user
(CVE-2012-0065).

The updated packages have been patched to correct this issue.

Updated packages

2011 i586

 6042e4fd6db6b1ad0b732da254e85645  2011/i586/libusbmuxd1-1.0.7-1.1-mdv2011.0.i586.rpm
 6b150b04a7b9b26509d057e47ffd68f8  2011/i586/libusbmuxd-devel-1.0.7-1.1-mdv2011.0.i586.rpm
 507fb32a1ceb1475eccf1b510fccceb8  2011/i586/usbmuxd-1.0.7-1.1-mdv2011.0.i586.rpm 
 c2bfc642b2511b112d3c00b66e812d70  2011/SRPMS/usbmuxd-1.0.7-1.1.src.rpm

2011 x86_64

 39a8afe4a91644734b9b69132757c150  2011/x86_64/lib64usbmuxd1-1.0.7-1.1-mdv2011.0.x86_64.rpm
 ce27d97c5ea556b8689b0b2c4e34d657  2011/x86_64/lib64usbmuxd-devel-1.0.7-1.1-mdv2011.0.x86_64.rpm
 3d5cdcc2ea7291ea66f70dc49cc826b0  2011/x86_64/usbmuxd-1.0.7-1.1-mdv2011.0.x86_64.rpm 
 c2bfc642b2511b112d3c00b66e812d70  2011/SRPMS/usbmuxd-1.0.7-1.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0065