Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in BlueZ
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in BlueZ
ID: USN-3413-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04
Datum: Di, 12. September 2017, 23:52
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250

Originalnachricht


--===============8046424705882251697==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="lwsazs3lomtw7dft"
Content-Disposition: inline


--lwsazs3lomtw7dft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3413-1
September 12, 2017

bluez vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

BlueZ could be made to expose sensitive information over bluetooth.

Software Description:
- bluez: Bluetooth tools and daemons

Details:

It was discovered that an information disclosure vulnerability existed
in the Service Discovery Protocol (SDP) implementation in BlueZ. A
physically proximate unauthenticated attacker could use this to
disclose sensitive information. (CVE-2017-1000250)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
bluez 5.43-0ubuntu1.1
libbluetooth3 5.43-0ubuntu1.1

Ubuntu 16.04 LTS:
bluez 5.37-0ubuntu5.1
libbluetooth3 5.37-0ubuntu5.1

Ubuntu 14.04 LTS:
bluez 4.101-0ubuntu13.3
libbluetooth3 4.101-0ubuntu13.3

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3413-1
CVE-2017-1000250

Package Information:
https://launchpad.net/ubuntu/+source/bluez/5.43-0ubuntu1.1
https://launchpad.net/ubuntu/+source/bluez/5.37-0ubuntu5.1
https://launchpad.net/ubuntu/+source/bluez/4.101-0ubuntu13.3


--lwsazs3lomtw7dft
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJZuDixAAoJEC8Jno0AXoH0Iu8QAJseDKwBsTF7C/wUOi0hU+p6
qC+yiXhU1tfUCIqD5EjYWxy9YdF3U4dClXHY/PEpE21kGi/IByrgL8y5AXJqPBw5
JtPZG9BF+3MUQXHHWeGjyxW5fGaVFo7lxYpYRcm5KcKXkWX6qa9HtVJjA2TWctec
+vtA7IQ7VMlqQx690e0iRy0snBbZyCNxWWK0Wtl3r5kteIpO6mQBu6KqPbmfoy4F
E3zOh18cH0DI2JeWKM0RBUOk3CRSVNGJSbkHIx4mB0iB23snTesrQWWfWSySyV+J
L13tcOnsLvhl6HUYKtLc84GKtBQ35Z5bCoCc+E6cmHN3uWwU+bZRcDqkpfijIf+i
df2gXo+93cddEDCKivawhd7xcqi98zQS9VJ+FdLOZRNe79fFFAqiRy4Y2G2uXYM5
lBL9/H/MvP8x+7ZJMBBFmOz0zN9SNYddRSs1THKxHhWpIKR5ceiJPO6Ew3QRCpqy
qoBDdJe7lNKrovTfzQDNsSbLkyNtCdyrtWmSDftqMwg/EZnahmEYj6bNt6AYN+hC
eK8Ep7X9nVv4M8oK8Cs4zLTrjYVwb7/g76xiYFp+oNv+3dY/Lg6kQWJ1btYtFlWF
dGQZBKjG/DBuRTA//M+pl4qVWbhryetGJ9ZOzn+RC1AssEjrFsjkqxOvRUNie6TI
9HWJ5+W/DFwVWuyvqrqq
=9M0n
-----END PGP SIGNATURE-----

--lwsazs3lomtw7dft--


--===============8046424705882251697==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung