CentOS Errata and Security Advisory CESA-2008:0581
The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.
An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX® socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)
Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077274.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077278.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077280.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077281.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077282.html
Affected packages:
bluez-libs
bluez-libs-devel
bluez-utils
bluez-utils-cups
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0581
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | bluez-libs | < 2.10-3 | bluez-libs-2.10-3.ia64.rpm |
CentOS | 4 | ia64 | bluez-libs-devel | < 2.10-3 | bluez-libs-devel-2.10-3.ia64.rpm |
CentOS | 4 | ia64 | bluez-utils | < 2.10-2.4 | bluez-utils-2.10-2.4.ia64.rpm |
CentOS | 4 | ia64 | bluez-utils-cups | < 2.10-2.4 | bluez-utils-cups-2.10-2.4.ia64.rpm |
CentOS | 5 | i386 | bluez-libs | < 3.7-1.1 | bluez-libs-3.7-1.1.i386.rpm |
CentOS | 5 | x86_64 | bluez-libs | < 3.7-1.1 | bluez-libs-3.7-1.1.x86_64.rpm |
CentOS | 5 | i386 | bluez-libs-devel | < 3.7-1.1 | bluez-libs-devel-3.7-1.1.i386.rpm |
CentOS | 5 | x86_64 | bluez-libs-devel | < 3.7-1.1 | bluez-libs-devel-3.7-1.1.x86_64.rpm |
CentOS | 5 | x86_64 | bluez-utils | < 3.7-2.2.el5.centos | bluez-utils-3.7-2.2.el5.centos.x86_64.rpm |
CentOS | 5 | x86_64 | bluez-utils-cups | < 3.7-2.2.el5.centos | bluez-utils-cups-3.7-2.2.el5.centos.x86_64.rpm |