Ubuntu USN-4605-2
Nov 03, 2020 - 12:00 a.m.

Blueman update

2020-11-03 00:00:00
ubuntu.com
blueman
ubuntu
security enhancement
privilege escalation
arbitrary code
denial of service
cve-2020-15238
policykit authentication

CVSS2: 6.9

  • Attack Vector: LOCAL
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

AI Score: 7.5 (Confidence: High)

EPSS: 0.001 (Percentile: 24.1%)

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS

Packages

  • blueman - Graphical bluetooth manager

Details

Vaisha Bernard discovered that blueman did not properly sanitize input on
the d-bus interface to blueman-mechanism. A local attacker could possibly
use this issue to escalate privileges and run arbitrary code or cause a
denial of service. (CVE-2020-15238)

While a previous security update fixed the issue, this update provides
additional improvements by enabling PolicyKit authentication for
privileged commands.

OS      OS Version  Architecture  Package         Package Version      Filename
Ubuntu  20.10       noarch        blueman         < 2.1.3-2ubuntu1.1   UNKNOWN
Ubuntu  20.10       noarch        blueman-dbgsym  < 2.1.3-2ubuntu1.1   UNKNOWN
Ubuntu  20.04       noarch        blueman         < 2.1.2-1ubuntu0.2   UNKNOWN
Ubuntu  20.04       noarch        blueman-dbgsym  < 2.1.2-1ubuntu0.2   UNKNOWN
