[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1103-1] bluez security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : bluez
Version        : 4.99-2+deb7u1
CVE ID         : CVE-2017-1000250
Debian Bug     : 875633

The SDP server in BlueZ is vulnerable to an information disclosure
vulnerability which allows remote attackers to obtain sensitive information
from the bluetoothd process memory. This vulnerability lies in the processing
of SDP search attribute requests.

For Debian 7 "Wheezy", these problems have been fixed in version
4.99-2+deb7u1.

We recommend that you upgrade your bluez packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlnEKF0ACgkQ+COicpiD
yXyjpxAAr4T4i/9jAC+wI6lo6XbwKRWK022z9NmhRwHSmStZ7NGH/UzBXSR/tLFt
Usa6tYcreoDSTbajFluNSzk2ZuxeFDqUpOhcyVqqt6rw8wIaIpo26KkCPU+U+5jY
NLAQt90o0HZzHSbNxxIr7BjDcfgYblpYcdTyuxKVNEEYnyglMt8j2lMk4IQYVRMw
q2i+f3WWTVcNgnqmRIpIwMLEnuuw8xKpKAsxf+BFC+mAAJMfJ2A8GNU7hrOr/cam
35hrEfd76EiJK3Kgoe4PSDnxN9BRHiEAIluDFynSVNTnvBt34wpNjmaA+8Mg848K
hLYHkiBXOELEzpAc9g1UWNJggcgjl+wRbB6is2NO6ZoQzBRwbUZ1OyMYjaDaHqw5
Ux2UOc86ALOQfYE65mrSQ7HKrtHgDjFWt0GbhN6zBhNMs870yT12AWbN23aBI16N
qbml3rAUJGpAU1AsxfX1gvBiAUnekB2LcX8i1w2n9ZLlZqZP8tl4SFhpibuNIQ7B
LZuWlXk86v6LLyrCSKO6lLri8Gsoe/Cuj9HrwvAAu5JHiA2UoeadPxBm/fJ3xKLn
eiABEw4evxfE4bw7UZ1XI2Ka4pGbHDpPV96DTe78qMleqcbnB+XG/hL1ILqoUd/0
LdwZIO4UD3qV+T9qMVONfZxdQaqYBhExqPl4KtYThQpiMrGqctw=
=YRnB
-----END PGP SIGNATURE-----


Reply to: