-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6125-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 09, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : usbmuxd CVE ID : CVE-2025-66004 Debian Bug : 1122507 A path traversal vulnerability was discovered in usbmuxd, a multiplexor daemon used to coordinate USB connections from and to Apple devices (iPhone, iPad, iPod). Exploiting this vulnerability enables an unprivileged user to create and delete files named `*.plist` (and, in some cases, arbitrarily named) as the user running the daemon (`usbmux` by default). For the oldstable distribution (bookworm), this problem has been fixed in version 1.1.1-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.1.1-6+deb13u1. We recommend that you upgrade your usbmuxd packages. For the detailed security status of usbmuxd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/usbmuxd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmmJ9w0ACgkQ3rYcyPpX RFujIgf+KCH8yMmXPx5uGhoYeov1iCiXxygaNbg6CBqLYIo8lLWrfKohcoM0ahwz 4xYicEE8/0Yrv32EggvOgeMJktQidj54/AW4oGmU94PK66vA9QRAJrffFenE/mca ATMlbxNIeg1JEVfNimwKnL/SHz6e6yXjqykcTijjsKAWQke+hvqzDz92aNFNP6kR cXSir5eNKq9fEpeGUI10U6SWhi26RcnUxdye+QRnqJmIfWVaAguSwfUQ1g3MvAqS 5QlO7nSSQTLVxpYivdBfmKv3gbZpU4jhdyXxc/wIpyfqk+X9j/HvUgp4tOBNXp5W woU0BJ+UGz2GYTy+Z3DWAZ9VE5s6Yw== =6i6w -----END PGP SIGNATURE-----
