Bug 1339988 (CVE-2016-5104)
Summary: | CVE-2016-5104 libimobiledevice: Sockets listening on INADDR_ANY | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | anemec, bnocera, cfergeau, dmoppert, pbrobinson, slawomir |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-06-07 05:10:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1339990, 1339991 | ||
Bug Blocks: | 1339992 |
Description
Adam Mariš
2016-05-26 10:04:41 UTC
Created libimobiledevice tracking bugs for this issue: Affects: fedora-all [bug 1339990] Created libusbmuxd tracking bugs for this issue: Affects: fedora-all [bug 1339991] CVE assignment: http://seclists.org/oss-sec/2016/q2/415 libimobiledevice-1.2.0-7.fc24, libusbmuxd-1.0.10-5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. libimobiledevice-1.2.0-7.fc23, libusbmuxd-1.0.10-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. rhel-6/libimobiledevice-0.9.7 unaffected: this version does not bind a socket rhel-7/libimobiledevice-1.1.5 affected: vuln code is in tools/socket.c rhel-[67]/usbmuxd affected in libusbmuxd/sock_stuff.c, function create_socket(). Note this package is named differently than in Fedora. libimobiledevice-1.2.0-7.fc22, libusbmuxd-1.0.10-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. Lowering the priority of this bug since the rhel host PC is not exposed, nor does the mobile device's exposure represent a significant attack vector against the host. |