Advisories » MGASA-2013-0251

Updated libimobiledevice packages fix CVE-2013-2142

Publication date: 17 Aug 2013
Modification date: 17 Aug 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2142

Description

Updated libimobiledevice packages fix security vulnerability:

Paul Collins discovered that libimobiledevice incorrectly handled temporary
files. A local attacker could possibly use this issue to overwrite
arbitrary files and access device keys. In the default Ubuntu installation,
this issue should be mitigated by the Yama link restrictions (CVE-2013-2142).
                

References

• http://www.ubuntu.com/usn/usn-1927-1
• https://bugs.mageia.org/show_bug.cgi?id=11010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2142

SRPMS

3/core

• libimobiledevice-1.1.4-4.1.mga3