Debian Security Advisory

DSA-782-1 bluez-utils -- missing input sanitising

Date reported:
23 Aug 2005
Affected packages:
bluez-utils
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 323365.
In Mitre's CVE dictionary: CVE-2005-2547.
More information:

Henryk Plötz discovered a vulnerability in bluez-utils, tools and daemons for Bluetooth. Because of missing input sanitising, it was possible for an attacker to execute arbitrary commands supplied as a device name from a remote device.

The old stable distribution (woody) is not affected by this problem, since it does not contain bluez-utils packages.

For the stable distribution (sarge) this problem has been fixed in version 2.15-1.1.

For the unstable distribution (sid) this problem has been fixed in version 2.19-1.

We recommend that you upgrade your bluez-utils package.
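
The class of flaw described above, shown from the fixing side as an added example that is not taken from the bluez-utils source or from this advisory: a name received from a remote device is handed to a helper program as one argv element, so no shell ever parses it. The helper path /bin/echo, the function names and the sample device names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Returns 1 if name holds a character a shell would interpret or split on.
 * Useful for logging or rejecting suspicious names; it is no substitute for
 * avoiding the shell altogether. */
int has_shell_metachar(const char *name)
{
    return name[strcspn(name, "`$;|&<>(){}[]*?!~#\\\"' \t\r\n")] != '\0';
}

/* Risky pattern (not used here): formatting "<helper> <name>" into one
 * string and passing it to system() or popen(), which lets /bin/sh parse
 * the remote name. Below, the name is a single argv element instead.
 * Copies the helper's stdout into out; returns its exit status or -1. */
int run_helper(const char *helper, const char *name, char *out, size_t outlen)
{
    int fds[2], status;
    if (outlen == 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        char *const argv[] = { (char *)helper, (char *)name, NULL };
        execv(helper, argv);              /* no shell involved */
        _exit(127);
    }
    close(fds[1]);
    size_t used = 0;
    ssize_t n;
    while (used + 1 < outlen &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char out[128];
    const char *name = "headset; echo injected";   /* constructed sample */
    printf("metachar=%d\n", has_shell_metachar(name));
    if (run_helper("/bin/echo", name, out, sizeof out) == 0)
        printf("helper saw: %s", out);
    return 0;
}
```

The helper still receives attacker-chosen text, so it must treat the argument as data, for example by not interpreting a leading "-" as an option.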

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.dsc
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_alpha.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_amd64.deb
ARM:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_arm.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_i386.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_ia64.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_ia64.deb
HPPA:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_hppa.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_m68k.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mips.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mipsel.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_sparc.deb
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.