CVE-2019-25058

NameCVE-2019-25058
DescriptionAn issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2979-1
Debian Bugs1008026

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
usbguard (PTS)buster0.7.4+ds-1vulnerable
bullseye1.0.0+ds-2vulnerable
bookworm1.1.2+ds-3fixed
sid, trixie1.1.2+ds-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
usbguardsourceexperimental1.1.0+ds-1
usbguardsourcestretch0.6.2+ds1-2+deb9u1DLA-2979-1
usbguardsource(unstable)1.1.0+ds-21008026

Notes

[bullseye] - usbguard <no-dsa> (Minor issue)
[buster] - usbguard <no-dsa> (Minor issue)
https://github.com/USBGuard/usbguard/issues/273
https://github.com/USBGuard/usbguard/issues/403
https://github.com/USBGuard/usbguard/pull/531
Search for package or bug name: Reporting problems