lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1E8QTO-0003wb-P2@mercury.mandriva.com>
Date: Thu, 25 Aug 2005 16:45:26 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           bluez-utils
 Advisory ID:            MDKSA-2005:150
 Date:                   August 25th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability in bluez-utils was discovered by Henryk Plotz.  Due to
 missing input sanitizing, it was possible for an attacker to execute
 arbitrary commands supplied as a device name from the remote bluetooth
 device.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 a363e2012cbf365604147ea094d48e51  10.0/RPMS/bluez-utils-2.4-4.1.100mdk.i586.rpm
 b9836323e7edaefa139dbf803ed5b11a  10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0c14d3c62ccbb9c53f88f41129883226  amd64/10.0/RPMS/bluez-utils-2.4-4.1.100mdk.amd64.rpm
 b9836323e7edaefa139dbf803ed5b11a  amd64/10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 ae95bbad5bb67d20a6d209500c729062  10.1/RPMS/bluez-utils-2.10-3.1.101mdk.i586.rpm
 15c9d82af6f029699f5f17901277b4f5  10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.i586.rpm
 e612f6d35745cba68c362003a4c163e4  10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c63fc9b66c8a6886602fcc34dcc82f0b  x86_64/10.1/RPMS/bluez-utils-2.10-3.1.101mdk.x86_64.rpm
 d27d581f66ed0f4d23ad627f836e86f1  x86_64/10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.x86_64.rpm
 e612f6d35745cba68c362003a4c163e4  x86_64/10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 f909df9003986b72b21a95044298ddba  10.2/RPMS/bluez-utils-2.14-1.1.102mdk.i586.rpm
 c3a06b22a142cb1a5b3f9d07e7acc65f  10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.i586.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 1dccad3836e309b8046d677eccc96cc5  x86_64/10.2/RPMS/bluez-utils-2.14-1.1.102mdk.x86_64.rpm
 76ace2f605fccfb1570c3f74d6c1a5ef  x86_64/10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.x86_64.rpm
 c8e48eedc86d6f3dc5e1aa97d4b819fd  x86_64/10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

 Corporate 3.0:
 e9db54c7ed37293e88f9a6a296ef5aa2  corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.i586.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6cd0acb52a764d5ed594b616c0947db4  x86_64/corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.x86_64.rpm
 68ecbc8a999f219d5613b5ddc3aed4df  x86_64/corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkoGmqjQ0CJFipgRAnlNAKCF87ZavpMhfLYGibRLgs4xgSEheQCg6j8f
OVri7gtCTXz7Kn58ruNfTEI=
=BEvC
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ