<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           bluez-utils
 Advisory ID:            MDKSA-2005:150
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability in bluez-utils was discovered by Henryk Plotz.  Due to
 missing input sanitizing, it was possible for an attacker to execute
 arbitrary commands supplied as a device name from the remote bluetooth
 device.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 a363e2012cbf365604147ea094d48e51  10.0/RPMS/bluez-utils-2.4-4.1.100mdk.i586.rpm
 b9836323e7edaefa139dbf803ed5b11a  10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0c14d3c62ccbb9c53f88f41129883226  
amd64/10.0/RPMS/bluez-utils-2.4-4.1.100mdk.amd64.rpm
 b9836323e7edaefa139dbf803ed5b11a  
amd64/10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 ae95bbad5bb67d20a6d209500c729062  
10.1/RPMS/bluez-utils-2.10-3.1.101mdk.i586.rpm
 15c9d82af6f029699f5f17901277b4f5  
10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.i586.rpm
 e612f6d35745cba68c362003a4c163e4  
10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c63fc9b66c8a6886602fcc34dcc82f0b  
x86_64/10.1/RPMS/bluez-utils-2.10-3.1.101mdk.x86_64.rpm
 d27d581f66ed0f4d23ad627f836e86f1  
x86_64/10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.x86_64.rpm
 e612f6d35745cba68c362003a4c163e4  
x86_64/10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 f909df9003986b72b21a95044298ddba  
10.2/RPMS/bluez-utils-2.14-1.1.102mdk.i586.rpm
 c3a06b22a142cb1a5b3f9d07e7acc65f  
10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.i586.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  
10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 1dccad3836e309b8046d677eccc96cc5  
x86_64/10.2/RPMS/bluez-utils-2.14-1.1.102mdk.x86_64.rpm
 76ace2f605fccfb1570c3f74d6c1a5ef  
x86_64/10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.x86_64.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  
x86_64/10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Corporate 3.0:
 e9db54c7ed37293e88f9a6a296ef5aa2  
corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.i586.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  
corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6cd0acb52a764d5ed594b616c0947db4  
x86_64/corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.x86_64.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  
x86_64/corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkoGmqjQ0CJFipgRAnlNAKCF87ZavpMhfLYGibRLgs4xgSEheQCg6j8f
OVri7gtCTXz7Kn58ruNfTEI=
=BEvC
-----END PGP SIGNATURE-----