Nom du paquet
bluez
Date
2008-07-14
Advisory ID
MDVSA-2008:145
Affected versions
2008.0 i586 , 2007.1 i586 , 2008.0 x86_64 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used in the Bluez bluetooth utilities.
A bluetooth device with an already-trusted relationship, or a local
user registering a service record via a UNIX socket or D-Bus interface,
could cause a crash and potentially execute arbitrary code with the
privileges of the hcid daemon (CVE-2008-2374).

The updated packages have been patched to correct this issue.

Updated packages

2008.0 i586

 82bc315a133c599cb5d8336b4d158411  2008.0/i586/bluez-utils-3.15-3.1mdv2008.0.i586.rpm
 aae59ff5c7e59cbae54db812bfb0f0a4  2008.0/i586/bluez-utils-cups-3.15-3.1mdv2008.0.i586.rpm
 ee4bacfc3d297e100b652da16ed04c35  2008.0/i586/libbluez2-3.15-1.1mdv2008.0.i586.rpm
 02d188e3027468d7203acec84b6caf4a  2008.0/i586/libbluez-devel-3.15-1.1mdv2008.0.i586.rpm 
 fddf98c1ed12f9e2586d08d5492899fc  2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
 3c9d2d44cef1bfdd4d88735b598267dd  2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

2007.1 i586

 9a00d06b9cc208ad54b81e0fa8b163cb  2007.1/i586/bluez-utils-3.9-5.1mdv2007.1.i586.rpm
 f9a34efa09d64233da76dabed4c83850  2007.1/i586/bluez-utils-cups-3.9-5.1mdv2007.1.i586.rpm
 dd60f8476558d1ccebccb3fa11a9dff4  2007.1/i586/libbluez2-3.9-1.1mdv2007.1.i586.rpm
 cb935f945f73804cf1bc8bdae9efb042  2007.1/i586/libbluez2-devel-3.9-1.1mdv2007.1.i586.rpm 
 528d38da98c62348643643cf315a9110  2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
 d7ee77391265babb3cd4c3843e2ef11e  2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

2008.0 x86_64

 6f49f11a867e69e4e7d8aa66bacc97f0  2008.0/x86_64/bluez-utils-3.15-3.1mdv2008.0.x86_64.rpm
 c4c572dda7f47973c7a928b0a22f5838  2008.0/x86_64/bluez-utils-cups-3.15-3.1mdv2008.0.x86_64.rpm
 ddb616a82bfa5076db6fbd025953dcee  2008.0/x86_64/lib64bluez2-3.15-1.1mdv2008.0.x86_64.rpm
 69cc88043e7894013cf1f16e942bfd5a  2008.0/x86_64/lib64bluez-devel-3.15-1.1mdv2008.0.x86_64.rpm 
 fddf98c1ed12f9e2586d08d5492899fc  2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
 3c9d2d44cef1bfdd4d88735b598267dd  2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

2008.1 x86_64

 4d765ac9f284e716c8a176a28878c3d6  2008.1/x86_64/bluez-utils-3.28-1.1mdv2008.1.x86_64.rpm
 8090b29aac10636f1eb42a2a1f2c18b0  2008.1/x86_64/bluez-utils-alsa-3.28-1.1mdv2008.1.x86_64.rpm
 e88188ed8e519953bc61ff43094f1187  2008.1/x86_64/bluez-utils-cups-3.28-1.1mdv2008.1.x86_64.rpm
 c4c5dad9676df37b97117f27468ba6ec  2008.1/x86_64/bluez-utils-gstreamer-3.28-1.1mdv2008.1.x86_64.rpm
 f73326ae6cd5c3d5b2c1bcf0d07397f2  2008.1/x86_64/lib64bluez2-3.28-1.1mdv2008.1.x86_64.rpm
 425bb892cae85f8e2f0e408469c32be9  2008.1/x86_64/lib64bluez-devel-3.28-1.1mdv2008.1.x86_64.rpm 
 50f9e1a1083cea6a554a60149c4a7213  2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
 f9948c704ebfde48c2898a05fdaf6980  2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm

2008.1 i586

 20a23f6720c48aa99a2eba0fa89ddbe1  2008.1/i586/bluez-utils-3.28-1.1mdv2008.1.i586.rpm
 1cf0131fa2a9bb9d26303faabd26a71c  2008.1/i586/bluez-utils-alsa-3.28-1.1mdv2008.1.i586.rpm
 e3f907162ec9cb1e23b6b901bff81639  2008.1/i586/bluez-utils-cups-3.28-1.1mdv2008.1.i586.rpm
 709e83f4ef6fa7086080ff39c5e91ff9  2008.1/i586/bluez-utils-gstreamer-3.28-1.1mdv2008.1.i586.rpm
 74e0839ea58f0794915b2b0d6e7093b5  2008.1/i586/libbluez2-3.28-1.1mdv2008.1.i586.rpm
 75099f0f4562fcd6b8675e0188a9771e  2008.1/i586/libbluez-devel-3.28-1.1mdv2008.1.i586.rpm 
 50f9e1a1083cea6a554a60149c4a7213  2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
 f9948c704ebfde48c2898a05fdaf6980  2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm

2007.1 x86_64

 2ba5e1c85c7e7ef6e12a34bb965ce68f  2007.1/x86_64/bluez-utils-3.9-5.1mdv2007.1.x86_64.rpm
 83b26a318923fb3a65f9abebe5f04229  2007.1/x86_64/bluez-utils-cups-3.9-5.1mdv2007.1.x86_64.rpm
 f8abf4b202bd4aecdcc8c8c04cbe57a7  2007.1/x86_64/lib64bluez2-3.9-1.1mdv2007.1.x86_64.rpm
 4fb124ecbffb96b22bc8933882d06425  2007.1/x86_64/lib64bluez2-devel-3.9-1.1mdv2007.1.x86_64.rpm 
 528d38da98c62348643643cf315a9110  2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
 d7ee77391265babb3cd4c3843e2ef11e  2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

References