Mageia alert MGASA-2013-0251 (libimobiledevice) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0251: Updated libimobiledevice packages fix CVE-2013-2142 
Date:
    	       Sat, 17 Aug 2013 10:47:05 +0200
Message-ID:
    	       <20130817084705.DE69D486BB@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0251 - Updated libimobiledevice packages fix CVE-2013-2142

Publication date: 17 Aug 2013
URL: http://advisories.mageia.org/MGASA-2013-0251.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-2142

Description:
Updated libimobiledevice packages fix security vulnerability:

Paul Collins discovered that libimobiledevice incorrectly handled temporary
files. A local attacker could possibly use this issue to overwrite
arbitrary files and access device keys. In the default Ubuntu installation,
this issue should be mitigated by the Yama link restrictions (CVE-2013-2142).

References:
- http://www.ubuntu.com/usn/usn-1927-1
- https://bugs.mageia.org/show_bug.cgi?id=11010
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2142

SRPMS:
- 3/core/libimobiledevice-1.1.4-4.1.mga3
(Log in to post comments)