Home / mailings [USN-1927-1] libimobiledevice vulnerability
Posted on 14 August 2013
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1927-1
August 14, 2013
libimobiledevice vulnerability
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
Summary:
libimobiledevice could be made to overwrite files as the administrator, o=
r
access device keys.
Software Description:
- libimobiledevice: Library for communicating with iPhone and iPod Touch =
devices
Details:
Paul Collins discovered that libimobiledevice incorrectly handled tempora=
ry
files. A local attacker could possibly use this issue to overwrite
arbitrary files and access device keys. In the default Ubuntu installatio=
n,
this issue should be mitigated by the Yama link restrictions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libimobiledevice3 1.1.4-1ubuntu6.2
Ubuntu 12.10:
libimobiledevice3 1.1.4-1ubuntu3.2
In general, a standard system update will make all the necessary changes.=
References:
http://www.ubuntu.com/usn/usn-1927-1
CVE-2013-2142
Package Information:
https://launchpad.net/ubuntu/+source/libimobiledevice/1.1.4-1ubuntu6.2
https://launchpad.net/ubuntu/+source/libimobiledevice/1.1.4-1ubuntu3.2
------------
