Ubuntu
usbmuxd package

buffer overflow introduced in 1.0.7 (CVE-2012-0065)

Bug #919435 reported by Julien Lavergne on 2012-01-20

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	usbmuxd (Debian)	Fix Released	Unknown	debbugs #656581
	usbmuxd (Ubuntu)	Fix Released	Medium	Unassigned
	Natty	Fix Released	Medium	Jamie Strandboge
	Oneiric	Fix Released	Medium	Jamie Strandboge
	Precise	Fix Released	Medium	Unassigned

Bug Description

From Debian bug tracker : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656581
Version 1.0.7-1 is affected, including precise, oneiric and natty.
Patch available upstream : http://cgit.sukimashita.com/usbmuxd.git/commit/?id=8968476bb5262d8aef20cb199337b174d338beb8
Fixed package available on mentors.debian.net : http://mentors.debian.net/package/usbmuxd

Related branches

lp:ubuntu/oneiric-security/usbmuxd

lp:ubuntu/natty-security/usbmuxd

CVE References

2012-0065

Bug Watch Updater (bug-watch-updater) on 2012-01-20

Changed in usbmuxd (Debian):
status:	Unknown → Confirmed

Bug Watch Updater (bug-watch-updater) on 2012-01-24

Changed in usbmuxd (Debian):
status:	Confirmed → Fix Released

Marc Deslauriers (mdeslaur) on 2012-01-27

visibility:	private → public
Changed in usbmuxd (Ubuntu Natty):
status:	New → Confirmed
Changed in usbmuxd (Ubuntu Oneiric):
status:	New → Confirmed
Changed in usbmuxd (Ubuntu Precise):
status:	New → Confirmed
Changed in usbmuxd (Ubuntu Natty):
importance:	Undecided → Medium
Changed in usbmuxd (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in usbmuxd (Ubuntu Precise):
importance:	Undecided → Medium

Leo Iannacone (l3on) on 2012-01-27

Changed in usbmuxd (Ubuntu Precise):
assignee:	nobody → Leo Iannacone (l3on)

Leo Iannacone (l3on) on 2012-01-29

Changed in usbmuxd (Ubuntu Oneiric):
assignee:	nobody → Leo Iannacone (l3on)
Changed in usbmuxd (Ubuntu Natty):
assignee:	nobody → Leo Iannacone (l3on)

Leo Iannacone (l3on) on 2012-01-29

Changed in usbmuxd (Ubuntu Natty):
assignee:	Leo Iannacone (l3on) → nobody
Changed in usbmuxd (Ubuntu Oneiric):
assignee:	Leo Iannacone (l3on) → nobody
Changed in usbmuxd (Ubuntu Precise):
assignee:	Leo Iannacone (l3on) → nobody

Daniel Holbach (dholbach) on 2012-01-30

Changed in usbmuxd (Ubuntu Precise):
status:	Confirmed → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-01-30:

#1

Thanks for the update. The patch for Oneiric looks fine, but it does not conform to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Since this is officially supported and easy to fix, I will update it and upload.

Changed in usbmuxd (Ubuntu Oneiric):
assignee:	nobody → Jamie Strandboge (jdstrand)
status:	Confirmed → In Progress
Changed in usbmuxd (Ubuntu Natty):
assignee:	nobody → Jamie Strandboge (jdstrand)
status:	Confirmed → In Progress

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-01-30:

#2

Same for Natty.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-01-30:

#3

Uploaded to the security ppa.

Changed in usbmuxd (Ubuntu Natty):
status:	In Progress → Fix Committed
Changed in usbmuxd (Ubuntu Oneiric):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-02-01:

#4

This bug was fixed in the package usbmuxd - 1.0.7-1ubuntu0.11.10.1

---------------
usbmuxd (1.0.7-1ubuntu0.11.10.1) oneiric-security; urgency=high

  * SECURITY UPDATE: fix possible buffer overflow
    - 90-cve-2012-0065.patch: use strncpy() instead of strcpy in
      libusbmuxd/libusbmuxd.c receive_packet() with a size that
      ensures we don't overflow dev->serial_number
    - CVE-2012-0065
    - LP: #919435
-- Leo Iannacone <email address hidden> Sun, 29 Jan 2012 16:14:32 +0100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-02-01:

#5

This bug was fixed in the package usbmuxd - 1.0.7-1ubuntu0.11.04.1

---------------
usbmuxd (1.0.7-1ubuntu0.11.04.1) natty-security; urgency=high

  * SECURITY UPDATE: fix possible buffer overflow
    - 90-cve-2012-0065.patch: use strncpy() instead of strcpy in
      libusbmuxd/libusbmuxd.c receive_packet() with a size that
      ensures we don't overflow dev->serial_number
    - CVE-2012-0065
    - LP: #919435
-- Leo Iannacone <email address hidden> Sun, 29 Jan 2012 16:14:32 +0100

Changed in usbmuxd (Ubuntu Natty):
status:	Fix Committed → Fix Released
Changed in usbmuxd (Ubuntu Oneiric):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #656581
[done grave patch security upstream] Edit

Bug watches keep track of this bug in other bug trackers.