[ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:145
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bluez
Date : July 14, 2008
Affected: 2007.1, 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used in the Bluez bluetooth utilities.
A bluetooth device with an already-trusted relationship, or a local
user registering a service record via a UNIX socket or D-Bus interface,
could cause a crash and potentially execute arbitrary code with the
privileges of the hcid daemon (CVE-2008-2374).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
9a00d06b9cc208ad54b81e0fa8b163cb 2007.1/i586/bluez-utils-3.9-5.1mdv2007.1.i586.rpm
f9a34efa09d64233da76dabed4c83850 2007.1/i586/bluez-utils-cups-3.9-5.1mdv2007.1.i586.rpm
dd60f8476558d1ccebccb3fa11a9dff4 2007.1/i586/libbluez2-3.9-1.1mdv2007.1.i586.rpm
cb935f945f73804cf1bc8bdae9efb042 2007.1/i586/libbluez2-devel-3.9-1.1mdv2007.1.i586.rpm
528d38da98c62348643643cf315a9110 2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
d7ee77391265babb3cd4c3843e2ef11e 2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
2ba5e1c85c7e7ef6e12a34bb965ce68f 2007.1/x86_64/bluez-utils-3.9-5.1mdv2007.1.x86_64.rpm
83b26a318923fb3a65f9abebe5f04229 2007.1/x86_64/bluez-utils-cups-3.9-5.1mdv2007.1.x86_64.rpm
f8abf4b202bd4aecdcc8c8c04cbe57a7 2007.1/x86_64/lib64bluez2-3.9-1.1mdv2007.1.x86_64.rpm
4fb124ecbffb96b22bc8933882d06425 2007.1/x86_64/lib64bluez2-devel-3.9-1.1mdv2007.1.x86_64.rpm
528d38da98c62348643643cf315a9110 2007.1/SRPMS/bluez-3.9-1.1mdv2007.1.src.rpm
d7ee77391265babb3cd4c3843e2ef11e 2007.1/SRPMS/bluez-utils-3.9-5.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
82bc315a133c599cb5d8336b4d158411 2008.0/i586/bluez-utils-3.15-3.1mdv2008.0.i586.rpm
aae59ff5c7e59cbae54db812bfb0f0a4 2008.0/i586/bluez-utils-cups-3.15-3.1mdv2008.0.i586.rpm
ee4bacfc3d297e100b652da16ed04c35 2008.0/i586/libbluez2-3.15-1.1mdv2008.0.i586.rpm
02d188e3027468d7203acec84b6caf4a 2008.0/i586/libbluez-devel-3.15-1.1mdv2008.0.i586.rpm
fddf98c1ed12f9e2586d08d5492899fc 2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
3c9d2d44cef1bfdd4d88735b598267dd 2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
6f49f11a867e69e4e7d8aa66bacc97f0 2008.0/x86_64/bluez-utils-3.15-3.1mdv2008.0.x86_64.rpm
c4c572dda7f47973c7a928b0a22f5838 2008.0/x86_64/bluez-utils-cups-3.15-3.1mdv2008.0.x86_64.rpm
ddb616a82bfa5076db6fbd025953dcee 2008.0/x86_64/lib64bluez2-3.15-1.1mdv2008.0.x86_64.rpm
69cc88043e7894013cf1f16e942bfd5a 2008.0/x86_64/lib64bluez-devel-3.15-1.1mdv2008.0.x86_64.rpm
fddf98c1ed12f9e2586d08d5492899fc 2008.0/SRPMS/bluez-3.15-1.1mdv2008.0.src.rpm
3c9d2d44cef1bfdd4d88735b598267dd 2008.0/SRPMS/bluez-utils-3.15-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
20a23f6720c48aa99a2eba0fa89ddbe1 2008.1/i586/bluez-utils-3.28-1.1mdv2008.1.i586.rpm
1cf0131fa2a9bb9d26303faabd26a71c 2008.1/i586/bluez-utils-alsa-3.28-1.1mdv2008.1.i586.rpm
e3f907162ec9cb1e23b6b901bff81639 2008.1/i586/bluez-utils-cups-3.28-1.1mdv2008.1.i586.rpm
709e83f4ef6fa7086080ff39c5e91ff9 2008.1/i586/bluez-utils-gstreamer-3.28-1.1mdv2008.1.i586.rpm
74e0839ea58f0794915b2b0d6e7093b5 2008.1/i586/libbluez2-3.28-1.1mdv2008.1.i586.rpm
75099f0f4562fcd6b8675e0188a9771e 2008.1/i586/libbluez-devel-3.28-1.1mdv2008.1.i586.rpm
50f9e1a1083cea6a554a60149c4a7213 2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
f9948c704ebfde48c2898a05fdaf6980 2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
4d765ac9f284e716c8a176a28878c3d6 2008.1/x86_64/bluez-utils-3.28-1.1mdv2008.1.x86_64.rpm
8090b29aac10636f1eb42a2a1f2c18b0 2008.1/x86_64/bluez-utils-alsa-3.28-1.1mdv2008.1.x86_64.rpm
e88188ed8e519953bc61ff43094f1187 2008.1/x86_64/bluez-utils-cups-3.28-1.1mdv2008.1.x86_64.rpm
c4c5dad9676df37b97117f27468ba6ec 2008.1/x86_64/bluez-utils-gstreamer-3.28-1.1mdv2008.1.x86_64.rpm
f73326ae6cd5c3d5b2c1bcf0d07397f2 2008.1/x86_64/lib64bluez2-3.28-1.1mdv2008.1.x86_64.rpm
425bb892cae85f8e2f0e408469c32be9 2008.1/x86_64/lib64bluez-devel-3.28-1.1mdv2008.1.x86_64.rpm
50f9e1a1083cea6a554a60149c4a7213 2008.1/SRPMS/bluez-3.28-1.1mdv2008.1.src.rpm
f9948c704ebfde48c2898a05fdaf6980 2008.1/SRPMS/bluez-utils-3.28-1.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIfAFQmqjQ0CJFipgRAt/9AJ9MZ/3J5ksa1JlEh2bNyXvUFieUiACfScvO
E7li8sFfuO7ZKhBU34IGAFg=
=do+O
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP pa
    ... An input validation flaw was found in the Bluetooth Session Description ... Protocol packet parser used in the Bluez bluetooth utilities. ... The updated packages have been patched to correct this issue. ... Mandriva Linux 2007.1/X86_64: ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Full-Disclosure)
  • [ MDVSA-2008:163 ] python
    ... Multiple integer overflows in the imageop module in Python prior to ... Multiple integer overflows were reported by the Google Security Team ... The updated packages have been patched to correct these issues. ... Python packages on Mandriva Linux 2007.1 and 2008.0 have ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Full-Disclosure)
  • [ MDVSA-2011:079 ] firefox
    ... Chris Evans of the Chrome Security Team reported that the XSLT ... Packages for 2009.0 are provided as of the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ... If you want to report vulnerabilities, ...
    (Bugtraq)