Jul 14, 2008 - 4:47 p.m.

bluez security update

2008-07-14 16:47:36
CentOS Project
lists.centos.org
EPSS: 0.009 (Low), Percentile: 82.4%

CentOS Errata and Security Advisory CESA-2008:0581

The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the BlueZ Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX® socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)

Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077274.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077278.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077280.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077281.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077282.html

Affected packages:
bluez-libs
bluez-libs-devel
bluez-utils
bluez-utils-cups

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0581