lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070124022849.GK17546@outflux.net>
Date: Tue, 23 Jan 2007 18:28:49 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-413-1] BlueZ vulnerability

=========================================================== 
Ubuntu Security Notice USN-413-1           January 24, 2007
bluez-utils vulnerability
CVE-2006-6899
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  bluez-utils                              2.20-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the HID daemon of bluez-utils.  A remote 
attacker could gain control of the mouse and keyboard if hidd was 
enabled.  This does not affect a default Ubuntu installation, since hidd 
is normally disabled.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.dsc
      Size/MD5:      650 7bb5c0c29740dfae995a55ba26d07a57
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.tar.gz
      Size/MD5:   526189 b2444d694c7511e6653a3a9cead00889

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_amd64.deb
      Size/MD5:    20086 3b4ed9604f7ba74d1e287614afa18cf4
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_amd64.deb
      Size/MD5:   187672 7aad0bfd925ef78d37cbeef826249c78

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_i386.deb
      Size/MD5:    19518 4cce6a8b87feec8426d3b2e63945c434
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_i386.deb
      Size/MD5:    15604 cb8dd267df57bcb30ec3c73e180e994e
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_i386.deb
      Size/MD5:   164384 431ed3045356754cbdbb96a24a7ec0dd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:    21414 72d08ff3dd99ffd8674d88fcb56bf69b
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:    15610 c33bd675a14e05622c66fbb590a14442
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:   194032 3a7fbfb965ca835996aee0693307de71

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:    19748 39ec9668ce2e9f71c22435585086d01f
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:    15610 7b24e1d49ba44ad98faa243a3ea3a405
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:   169410 93215bf674614af19c8709ded03a8420


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ