-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0727
                     libimobiledevice security update
                             28 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libimobiledevice
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5104  

Reference:         ESB-2016.1570

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libimobiledevice
Version        : 1.1.6+dfsg-3.1+deb8u1
CVE ID         : CVE-2016-5104
Debian Bug     : 825553

It was discovered that libimobiledevice incorrectly handled socket
permissions. A remote attacker could use this issue to access
services on iOS devices, contrary to expectations.

For Debian 8 "Jessie", this problem has been fixed in version
1.1.6+dfsg-3.1+deb8u1.

We recommend that you upgrade your libimobiledevice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmjwHvQbeL0FugTpdYS7xYT4FD1QFAl5YMccACgkQYS7xYT4F
D1RWqw/+ONun5W90ecKwS1qj2aCf3cpMBXaihdzK6eW5PDdYgTkJy7JsqBBRs0l+
FW3H/8waWIK2+B6qk/gX2QnOOZsHe0R5HDxwymtjEPcldNmY+CL4WnNRjFupwaA9
4IgADOBgxl5D5WDvrJ8x8MJoUxP3SP0FjODpj70Zt9LaWlokUhTuvgL869Ma6pPO
pD2ZvYJoC7gFKv8Yh/ZkeE+wZVQG+ey5fCUQZr/FTXFtoXBdQbO+sTZUXzOXU+Of
Bh1BoEymGwt//jHg3/Z17R3SFvon+Rs3USNq3/OeAUdJTg3Ivef/1kvfK7ODoZeW
dVqITXWf0l+gFmuF79Ew6D0uvX+MAKtSnQDb5XnXH6Y+UQHp2tlz05wKrFHC+nnY
4qlz+d+m8NMCqGi9NpSeVgH2QH3BdyZtYw0ryc98eGaQx1s0UpziAHHEmfFviExi
AWNb6ETyeK1Y9hTEnLQHMHbnf6dBrKFiT+s1C4PRYCoTqsv11HTMiPwL35IGGHo4
LuQ0JJoEj0jN3Wcmvj3aIq6o+4Byxhsa6hHz5k56xsmOMgRKyjPrS2SCxeeLmvyA
NC5IsZP6FmSpzUgb+tjv9EvN4E0rtp8Ir8zKctHGTYqz1yWJyY7okMDVs8vVVybI
7ylmts6Po0t/W4lZhL9aA+onPgvkEI4W8D1LlbzNEOoTvOGnlCo=
=iL6+
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXliZS2aOgq3Tt24GAQjnqw//Ro/Ad5Bl5uEOWHZFKzF7gyhAqTxHy5MB
M01Zd6KAIxz9E9uIQMHQMwtbD7gBK4UOjdUtN9i0C4G8Cd/1qq4ajGxyGt5exxvG
OevWJOCgP/0FVZtKtYq43qnO56Wlzu3SI7Ky1Y1dObQklZPgTALNvUA+HQ9q44tc
DpVqkUbsmaCeniVANnpcM6BqsShe8s/NokCVQTH8k/xN63Q3WluGzlnOsOna99zU
xVCMX+I7v43WC2BnIYHB9OSyM9RkLG5unX9WoZlWtEKSHi41mw6uB/eoUDKoHCgH
fphgVRK/XcQdVCJbV8ONsPd8YH9nHAXSe9ysw9OGj6UJA5PItAP5GmKTTL/+16mM
fEJQwRqcfEe/UCfZAM1vF/gGCX2bGfZrAE4Zrhuq7H2yBbuQPA90awpxcxTy2vzV
mnJ/zxKThq9MOgZimXB75uopdGtG2+63T3S1MtErF7VonzcZpc/nzPl6lmAcdXPB
x1AGCeJy4gVeS9nXYpH4RWzcpT4Dfz0FXWlLyi5XE9SPC3fZkJhhqB1oA/8mcEDJ
oLGMz9vyROGGxLbqD7+/pRLvQr8TNaweLTbLZk2b/GluYPSF3W2SAF/oElZkGn3D
qaZPdtm/brzz81wMn741nn2k1B8zLW+2CMklXb4A41E3/vbbZKwVD6wOm2RxRtBO
AIlvtn8aN48=
=DrSU
-----END PGP SIGNATURE-----