A CVE has been assigned for a security issue fixed upstream in libimobiledevice and libusbmuxd. The fix was committed in git on December 29 and the CVE was assigned on May 26: http://www.openwall.com/lists/oss-security/2016/05/26/6 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated libimobiledevice and usbmuxd package fixes security vulnerability: The libimobiledevice and libusbmuxd libraries open a socket that listens on all available network interfaces, rather than just the loopback interface as was intended (CVE-2016-5104). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5104 http://www.openwall.com/lists/oss-security/2016/05/26/6 ======================== Updated packages in core/updates_testing: ======================== libimobiledevice-1.1.6-4.1.mga5 libimobiledevice4-1.1.6-4.1.mga5 libimobiledevice-devel-1.1.6-4.1.mga5 python-imobiledevice-1.1.6-4.1.mga5 usbmuxd-1.0.9-6.1.mga5 libusbmuxd2-1.0.9-6.1.mga5 libusbmuxd-devel-1.0.9-6.1.mga5 from SRPMS: libimobiledevice-1.1.6-4.1.mga5.src.rpm usbmuxd-1.0.9-6.1.mga5.src.rpm
MGA5-32 on AcerD620 Xfce. No installation issues, does not seem to break anything, but I won't buy Apple stuff to test it. Someone else???
CC: (none) => herman.viaene
URL: (none) => http://lwn.net/Vulnerabilities/689258/
rpmdiff's on madb show patches correctly applied. Please verify that the packages upgrade cleanly and OK this.
Installed the updates The following 3 packages are going to be installed: - lib64usbmuxd2-1.0.9-6.1.mga5.x86_64 - libimobiledevice-1.1.6-4.1.mga5.x86_64 - python-imobiledevice-1.1.6-4.1.mga5.x86_64 I'll see if I can get it to talk to my iphone6
CC: (none) => brtians1
I tried connecting to iphone 6, ipod touch 6. Both are seen by shotwell, but neither will transfer pictures or video even when approved. Not sure what to see. If I find a cord for an ipod 4, i'll try that.
Possibly needs usbmuxd too Brian. Failing that, maybe lib64mtp9?
Also, was it working before the update?
I tried this on an not updated KDE system (the one failing is GNOME) and it did work properly. it immediately recognized the iphone 6 and allowed me to view open the photos.
okay installed usbmuxd 1.0.9-6.1 and it started working. Approved as working.
Whiteboard: (none) => MGA5-64-OK
Linux localhost 4.4.13-desktop-1.mga5 #1 SMP Fri Jun 10 14:05:25 UTC 2016 i686 i686 i686 GNU/Linux The following 5 packages are going to be installed: - libimobiledevice-1.1.6-4.1.mga5.i586 - libimobiledevice4-1.1.6-4.1.mga5.i586 - libusbmuxd2-1.0.9-6.1.mga5.i586 - python-imobiledevice-1.1.6-4.1.mga5.i586 - usbmuxd-1.0.9-6.1.mga5.i586 587KB of additional disk space will be used. 338KB of packages will be retrieved. I also installed Shotwell (this is a Mate desktop). Shotwell was able to access the iphone 6 pictures with new drivers. These updates are good.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Advisory uploaded.
Whiteboard: MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0229.html
Status: NEW => RESOLVEDResolution: (none) => FIXED