-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4417-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 21, 2025 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : usbmuxd Version : 1.1.1-2+deb11u1 CVE ID : CVE-2025-66004 Debian Bug : 1122507 It was discovered that usbmuxd, USB multiplexor daemon for iPhone and iPod Touch devices, incorrectly handled certain paths received with the SavePairRecord command. A local attacker could possibly use this issue to delete and write files named *.plist in arbitrary locations. For Debian 11 bullseye, this problem has been fixed in version 1.1.1-2+deb11u1. We recommend that you upgrade your usbmuxd packages. For the detailed security status of usbmuxd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/usbmuxd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmlIaxcACgkQgj6WdgbD S5aB/Q//W5qpGSwdm2k0Wext2XO6LAcNUVZKY2SyXvAXvi4i/gmh1h/aSuwouGBN NSOLTElrihL3nKCzDmAoPsr34INJLImGrKeGKLLgjnYQ0ZR6LvNqdNq7BZul18yF ZkGV8+o3pHo6Fm1CdHSIPdEtKB7jZJ3wXa270bEU5Ym5cplh9xMrDK/pKxL40KyT olCe9J476rcnfCoXQfVrSAbsKdi1sKhUAqdBwQJ29CDm8zcXascd18nx2F1M+0JL +USH5d9fW+O7PGWc1dpChHcIqc3Tg0Ar9hTGPFn6HulK/eK2fCahFTMlSZqKE+Ij 6TBhtDppnFo8fpglnIBKAeWdtmnrnE09HS+wZiiFyFipeKRGUccjcxh6UAUQ2645 oSHAd2s5DdvF+f3KttdMrD1Tr9fz2RG2+BcDRDaB4BIObhOkjIk5jlN1ORJIxd8F RGw9fVBFswkNikF53V4yey51vKO/yx4foedB5zwVG2sG1HtKUr+GZJIEIiEYNbui zePUrvVklRtp3wCouxdA9pZ90qeM68jGHCk4J1wxiemXDs68RdyKuj0Dw9trDz3E BLzmbcf5Qd2PfcTRknRAUfwCKQd5O7UFXrkrCqN5DvZRDSMpadM3S9TSHE7acKhs zrRhYuoNIYFGrwyIzIp9262VpSi17QrvArTciSK4lavaYNlYwuw= =21Bp -----END PGP SIGNATURE-----
