Preisgabe von Informationen in BlueZ
ID: | USN-3413-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04 |
Datum: | Di, 12. September 2017, 23:52 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 |
Applikationen: | BlueZ |
Originalnachricht |
|
--===============8046424705882251697== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lwsazs3lomtw7dft" Content-Disposition: inline --lwsazs3lomtw7dft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-3413-1 September 12, 2017 bluez vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: BlueZ could be made to expose sensitive information over bluetooth. Software Description: - bluez: Bluetooth tools and daemons Details: It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol (SDP) implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. (CVE-2017-1000250) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: bluez 5.43-0ubuntu1.1 libbluetooth3 5.43-0ubuntu1.1 Ubuntu 16.04 LTS: bluez 5.37-0ubuntu5.1 libbluetooth3 5.37-0ubuntu5.1 Ubuntu 14.04 LTS: bluez 4.101-0ubuntu13.3 libbluetooth3 4.101-0ubuntu13.3 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3413-1 CVE-2017-1000250 Package Information: https://launchpad.net/ubuntu/+source/bluez/5.43-0ubuntu1.1 https://launchpad.net/ubuntu/+source/bluez/5.37-0ubuntu5.1 https://launchpad.net/ubuntu/+source/bluez/4.101-0ubuntu13.3 --lwsazs3lomtw7dft Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJZuDixAAoJEC8Jno0AXoH0Iu8QAJseDKwBsTF7C/wUOi0hU+p6 qC+yiXhU1tfUCIqD5EjYWxy9YdF3U4dClXHY/PEpE21kGi/IByrgL8y5AXJqPBw5 JtPZG9BF+3MUQXHHWeGjyxW5fGaVFo7lxYpYRcm5KcKXkWX6qa9HtVJjA2TWctec +vtA7IQ7VMlqQx690e0iRy0snBbZyCNxWWK0Wtl3r5kteIpO6mQBu6KqPbmfoy4F E3zOh18cH0DI2JeWKM0RBUOk3CRSVNGJSbkHIx4mB0iB23snTesrQWWfWSySyV+J L13tcOnsLvhl6HUYKtLc84GKtBQ35Z5bCoCc+E6cmHN3uWwU+bZRcDqkpfijIf+i df2gXo+93cddEDCKivawhd7xcqi98zQS9VJ+FdLOZRNe79fFFAqiRy4Y2G2uXYM5 lBL9/H/MvP8x+7ZJMBBFmOz0zN9SNYddRSs1THKxHhWpIKR5ceiJPO6Ew3QRCpqy qoBDdJe7lNKrovTfzQDNsSbLkyNtCdyrtWmSDftqMwg/EZnahmEYj6bNt6AYN+hC eK8Ep7X9nVv4M8oK8Cs4zLTrjYVwb7/g76xiYFp+oNv+3dY/Lg6kQWJ1btYtFlWF dGQZBKjG/DBuRTA//M+pl4qVWbhryetGJ9ZOzn+RC1AssEjrFsjkqxOvRUNie6TI 9HWJ5+W/DFwVWuyvqrqq =9M0n -----END PGP SIGNATURE----- --lwsazs3lomtw7dft-- --===============8046424705882251697== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |