Lucene search

DebianDEBIAN:DLA-2430-1:76CAE

HistoryNov 03, 2020 - 9:47 a.m.

[SECURITY] [DLA 2430-1] blueman security update

2020-11-0309:47:22

lists.debian.org

blueman security update

d-bus interface

denial of service

privilege escalation

debian 9 stretch

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

Debian LTS Advisory DLA-2430-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
November 03, 2020 https://wiki.debian.org/LTS

Package : blueman
Version : 2.0.4-1+deb9u1
CVE ID : CVE-2020-15238

Vaisha Bernard discovered that Blueman, a graphical bluetooth manager
performed insufficient validation on a D-Bus interface, which could
result in denial of service or privilege escalation.

For Debian 9 stretch, this problem has been fixed in version
2.0.4-1+deb9u1.

We recommend that you upgrade your blueman packages.

For the detailed security status of blueman please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/blueman

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS