Debian Security Advisory
DSA-3972-1 bluez -- security update
- Date Reported:
- 13 Sep 2017
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 875633.
In Mitre's CVE dictionary: CVE-2017-1000250.
- More information:
An information disclosure vulnerability was discovered in the Service Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to obtain sensitive information from bluetoothd process memory, including Bluetooth encryption keys.
For the oldstable distribution (jessie), this problem has been fixed in version 5.23-2+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 5.43-2+deb9u1.
We recommend that you upgrade your bluez packages.