LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and potentially execute arbitrary code with the privileges of the hcid daemon (CVE-2008-2374). The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:145
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bluez
 Date    : July 14, 2008
 Affected: 2007.1, 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 An input validation flaw was found in the Bluetooth Session Description
 Protocol (SDP) packet parser used in the Bluez bluetooth utilities.
 A bluetooth device with an already-trusted relationship, or a local
 user registering a service record via a UNIX socket or D-Bus interface,
 could cause a crash and potentially execute arbitrary code with the
 privileges of the hcid daemon (CVE-2008-2374).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 9a00d06b9cc208ad54b81e0fa8b163cb  2007.1/i586/bluez-utils-3.9-5.1mdv2007.1.i586.rpm
 f9a34efa09d64233da76dabed4c83850  2007.1/i586/bluez-utils-cups-3.9-5.1mdv2007.1.i586.rpm
 dd60f8476558d1ccebccb3fa11a9dff4  2007.1/i586/libbluez2-3.9-1.1mdv2007.1.i586.rpm
 cb935f945f73804cf1bc8bdae9efb042  2007.1/i586/libbluez2-devel-3.9-1.1mdv2007.1.i586.rpm 
 528d38da98c62348643643cf315a9110  2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
 d7ee77391265babb3cd4c3843e2ef11e  2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 2ba5e1c85c7e7ef6e12a34bb965ce68f  2007.1/x86_64/bluez-utils-3.9-5.1mdv2007.1.x86_64.rpm
 83b26a318923fb3a65f9abebe5f04229  2007.1/x86_64/bluez-utils-cups-3.9-5.1mdv2007.1.x86_64.rpm
 f8abf4b202bd4aecdcc8c8c04cbe57a7  2007.1/x86_64/lib64bluez2-3.9-1.1mdv2007.1.x86_64.rpm
 4fb124ecbffb96b22bc8933882d06425  2007.1/x86_64/lib64bluez2-devel-3.9-1.1mdv2007.1.x86_64.rpm 
 528d38da98c62348643643cf315a9110  2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
 d7ee77391265babb3cd4c3843e2ef11e  2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 82bc315a133c599cb5d8336b4d158411  2008.0/i586/bluez-utils-3.15-3.1mdv2008.0.i586.rpm
 aae59ff5c7e59cbae54db812bfb0f0a4  2008.0/i586/bluez-utils-cups-3.15-3.1mdv2008.0.i586.rpm
 ee4bacfc3d297e100b652da16ed04c35  2008.0/i586/libbluez2-3.15-1.1mdv2008.0.i586.rpm
 02d188e3027468d7203acec84b6caf4a  2008.0/i586/libbluez-devel-3.15-1.1mdv2008.0.i586.rpm 
 fddf98c1ed12f9e2586d08d5492899fc  2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
 3c9d2d44cef1bfdd4d88735b598267dd  2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 6f49f11a867e69e4e7d8aa66bacc97f0  2008.0/x86_64/bluez-utils-3.15-3.1mdv2008.0.x86_64.rpm
 c4c572dda7f47973c7a928b0a22f5838  2008.0/x86_64/bluez-utils-cups-3.15-3.1mdv2008.0.x86_64.rpm
 ddb616a82bfa5076db6fbd025953dcee  2008.0/x86_64/lib64bluez2-3.15-1.1mdv2008.0.x86_64.rpm
 69cc88043e7894013cf1f16e942bfd5a  2008.0/x86_64/lib64bluez-devel-3.15-1.1mdv2008.0.x86_64.rpm 
 fddf98c1ed12f9e2586d08d5492899fc  2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
 3c9d2d44cef1bfdd4d88735b598267dd  2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 20a23f6720c48aa99a2eba0fa89ddbe1  2008.1/i586/bluez-utils-3.28-1.1mdv2008.1.i586.rpm
 1cf0131fa2a9bb9d26303faabd26a71c  2008.1/i586/bluez-utils-alsa-3.28-1.1mdv2008.1.i586.rpm
 e3f907162ec9cb1e23b6b901bff81639  2008.1/i586/bluez-utils-cups-3.28-1.1mdv2008.1.i586.rpm
 709e83f4ef6fa7086080ff39c5e91ff9  2008.1/i586/bluez-utils-gstreamer-3.28-1.1mdv2008.1.i586.rpm
 74e0839ea58f0794915b2b0d6e7093b5  2008.1/i586/libbluez2-3.28-1.1mdv2008.1.i586.rpm
 75099f0f4562fcd6b8675e0188a9771e  2008.1/i586/libbluez-devel-3.28-1.1mdv2008.1.i586.rpm 
 50f9e1a1083cea6a554a60149c4a7213  2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
 f9948c704ebfde48c2898a05fdaf6980  2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 4d765ac9f284e716c8a176a28878c3d6  2008.1/x86_64/bluez-utils-3.28-1.1mdv2008.1.x86_64.rpm
 8090b29aac10636f1eb42a2a1f2c18b0  2008.1/x86_64/bluez-utils-alsa-3.28-1.1mdv2008.1.x86_64.rpm
 e88188ed8e519953bc61ff43094f1187  2008.1/x86_64/bluez-utils-cups-3.28-1.1mdv2008.1.x86_64.rpm
 c4c5dad9676df37b97117f27468ba6ec  2008.1/x86_64/bluez-utils-gstreamer-3.28-1.1mdv2008.1.x86_64.rpm
 f73326ae6cd5c3d5b2c1bcf0d07397f2  2008.1/x86_64/lib64bluez2-3.28-1.1mdv2008.1.x86_64.rpm
 425bb892cae85f8e2f0e408469c32be9  2008.1/x86_64/lib64bluez-devel-3.28-1.1mdv2008.1.x86_64.rpm 
 50f9e1a1083cea6a554a60149c4a7213  2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
 f9948c704ebfde48c2898a05fdaf6980  2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.