Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in BlueZ
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in BlueZ
ID: DSA-3972-1
Distribution: Debian
Plattformen: Debian jessie, Debian stretch
Datum: Mi, 13. September 2017, 16:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
Applikationen: BlueZ

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3972-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 13, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bluez
CVE ID : CVE-2017-1000250
Debian Bug : 875633

An information disclosure vulnerability was discovered in the Service
Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to
obtain sensitive information from bluetoothd process memory, including
Bluetooth encryption keys.

For the oldstable distribution (jessie), this problem has been fixed
in version 5.23-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 5.43-2+deb9u1.

We recommend that you upgrade your bluez packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlm5GVZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TJWxAAhqBjUve/5G0EyxWmnBiSim1gwWAazeSl6xwzIE2hELUxzoQFuXypmtqo
EaFbxsLm7d9mCPSXXQt3QYPS43nW4l2foFOHFDpwdaEkLnpj8g6YdEgXIkUbpU0T
bn5hT7VwKdxQUV2Dh1TTJttk6HgiGaASpLYhs4dAXFNYCtiAyrfmR4XBYpm0P0dW
AGtI6wDqIWXRu4mJN25gaCLKHlbv0L9iF9C0D2/ldPJG2MDvaQlisSNtyI34FTWu
YuMuNf8HVKmmGAZ8fLAM5qIII8HJ1I8USkS3DlYTkPffrXIeSZzRjRIhpiF9BicZ
42XSeJxfB/OzLdO9LtWtp5Hu9gZRQt12nLFH1p65QXSro5sBw7Fau5bfZUr8eAyt
KD4B5582I2niG96rQ6nEWyO09QqEWCu1pGq8XHLFNyJStYTtVN3ewNiDzigWwZND
8RzyqSL/2Jy8Mjt5e8Hqyrv57haq15wNH4fZcy5vIadSwfWFv89jQhEvn5hNOS4Q
3Kg2lRoS9MspW4VdiqGDQg/yJX3c0bSIC/O+WVXT3WSIRS0D5nvtOKiuMKMvm3CI
RLh9qEpE6wa7y3qlbNOo6yO2o8UrXZPU1la3BbXQySLfs8gr+kLPwsDDGzxMUPd+
d6sphtoPgqTRtJRuY0TLCc391hsDKWAOX3OSJCeJjeF6a9XqfRg=
=9IIv
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung