bluez security update

2008-07-14T16:47:36
ID CESA-2008:0581
Type centos
Reporter CentOS Project
Modified 2008-07-14T22:39:13

Description

CentOS Errata and Security Advisory CESA-2008:0581

The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities.

An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX(r) socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374)

Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages, which contains a backported patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-July/027150.html http://lists.centos.org/pipermail/centos-announce/2008-July/027154.html http://lists.centos.org/pipermail/centos-announce/2008-July/027156.html http://lists.centos.org/pipermail/centos-announce/2008-July/027157.html http://lists.centos.org/pipermail/centos-announce/2008-July/027158.html

Affected packages: bluez-libs bluez-libs-devel bluez-utils bluez-utils-cups

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0581.html