lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1E7VNe-000oelC@finlandia.Infodrom.North.DE> Date: Tue Aug 23 10:48:07 2005 From: joey at infodrom.org (Martin Schulze) Subject: [SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 782-1 security@...ian.org http://www.debian.org/security/ Martin Schulze August 23rd, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : bluez-utils Vulnerability : missing input sanitising Problem-Type : local Debian-specific: no CVE ID : CAN-2005-2547 Debian Bug : 323365 Henryk Pl?tz discovered a vulnerability n bluez-utils, tools and daemons for Bluetooth. Due to missing input sanitising it is possible for an attacker to execute arbitrary commands supplied as device name from the remote device. The old stable distribution (woody) is not affected by this problem since it doesn't contain bluez-utils packages. For the stable distribution (sarge) this problem has been fixed in version 2.15-1.1. For the unstable distribution (sid) this problem has been fixed in version 2.19-1. We recommend that you upgrade your bluez-utils package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.dsc Size/MD5 checksum: 714 2491914f1cbc13f0ab28dec7e837e424 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz Size/MD5 checksum: 21489 43758255ed6bf5a46a3958f19cc083de http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15.orig.tar.gz Size/MD5 checksum: 299709 4e86dfd4449ff49e82696d8a3b254002 Alpha architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb Size/MD5 checksum: 17100 ad86005f878483c8cd5ea2593604c9b6 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb Size/MD5 checksum: 19900 816b04f618adbe2ba4ea7bb79a8d7157 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_alpha.deb Size/MD5 checksum: 13908 fa9bd6ebdbd4704f2cdc58a23776ce1d http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_alpha.deb Size/MD5 checksum: 191032 3ab7545f8baf93b0f1d0c37b03fd60d0 AMD64 architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb Size/MD5 checksum: 16614 a12b51e1eeef5c00d7979fccb6347556 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb Size/MD5 checksum: 18440 524a61c61424bb8878a4d481a4f96639 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_amd64.deb Size/MD5 checksum: 163404 f1de25ec8a42140ff0fd5981f106b446 ARM architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb Size/MD5 checksum: 16350 7f5b07579302c70fe368a8fe879baf64 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb Size/MD5 checksum: 18020 410fa646ed25f2e4bf769b80627b8319 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_arm.deb Size/MD5 checksum: 13908 75eca9861302d04cfa3030bcc6cc2e8d http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_arm.deb Size/MD5 checksum: 149058 de5dd73485032ba33405681e38019bd2 Intel IA-32 architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb Size/MD5 checksum: 16294 e95efa30d455f23acc78913f46f8754b http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb Size/MD5 checksum: 18006 339294a5b115f1df8460657c044f82a0 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_i386.deb Size/MD5 checksum: 13890 5751fcbe540495b01a2888586a144617 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_i386.deb Size/MD5 checksum: 149220 43e516a0d3a73e11de96a3293ab99e26 Intel IA-64 architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb Size/MD5 checksum: 17742 5372690843eaed6b19925710c48ad440 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb Size/MD5 checksum: 20610 38b221b3769bb7567d85ff88fd8eb00b http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_ia64.deb Size/MD5 checksum: 13904 38d8f9c631776fdf07befbc8010b51d7 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_ia64.deb Size/MD5 checksum: 213568 14322f997ac251b5c19663d9c8f8aafb HP Precision architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb Size/MD5 checksum: 17000 1e61a7ef4218ebf09854b28d6f281573 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb Size/MD5 checksum: 18800 396815069f599b99b1fc45b75f32a2cd http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_hppa.deb Size/MD5 checksum: 13908 9b30a8217fcd43466139c1487532e3a8 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_hppa.deb Size/MD5 checksum: 165964 42c6010d54d86b92aa550b3299423098 Motorola 680x0 architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb Size/MD5 checksum: 16320 25bf3588642aa1040fd39f22c12f5697 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb Size/MD5 checksum: 17706 797c282ecdaa447fa9082b7406eee5ff http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_m68k.deb Size/MD5 checksum: 13924 8d35a46404b9ee45d2a0aab68f48d3e1 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_m68k.deb Size/MD5 checksum: 140002 c665c81408c4022e81d7132e4e7a3522 Big endian MIPS architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb Size/MD5 checksum: 17070 2f3f4dc62239a17b174bf057e7d2dcf2 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb Size/MD5 checksum: 18746 d4e753008478ff9501fdd7b39efcb3ce http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mips.deb Size/MD5 checksum: 13914 05fe887d123e34eab6843adb3d808c51 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mips.deb Size/MD5 checksum: 173706 fe02dcad2eb60b6db3032dc14e138342 Little endian MIPS architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb Size/MD5 checksum: 17092 ecb402ed2303d3e68fedc7f23fb47bb2 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb Size/MD5 checksum: 18762 282f97232f45e0dadb904d881e1d24c8 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mipsel.deb Size/MD5 checksum: 13908 60ab63b402731440a44d6b9dc756d4f2 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mipsel.deb Size/MD5 checksum: 173960 abb2d7193c2698b703a56b71890531f6 PowerPC architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb Size/MD5 checksum: 18160 7ed57b2c8f87e9dfdcc5401ce96d5028 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb Size/MD5 checksum: 19714 da7edeba354bec413084b310805f2277 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_powerpc.deb Size/MD5 checksum: 13908 c2c98f3732799d08c29f2c8fe048b47f http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_powerpc.deb Size/MD5 checksum: 170292 db67afaaccde1cb6f5ac6de30527634d IBM S/390 architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb Size/MD5 checksum: 16796 003612d4408414aad7028aca96a076e7 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb Size/MD5 checksum: 18246 ac2b0a2ce0099e60adf1adebf38092e8 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_s390.deb Size/MD5 checksum: 157826 a54bb7d77b422d1cdd66fb647bfa2198 Sun Sparc architecture: http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb Size/MD5 checksum: 16400 8f3da8e4a00cb7c1986a3c5bf06946ad http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb Size/MD5 checksum: 17792 e1ef13fe1345cf554a65490430605040 http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_sparc.deb Size/MD5 checksum: 13908 5863ca5e69542f659f30e4623abf07bf http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_sparc.deb Size/MD5 checksum: 146742 7e7a54e5b793f702e9432480c1a4bdfe These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDCvC+W5ql+IAeqTIRAilBAJ9OJQv6m54DM/WwSFiTHDtTilcHRQCeJ4zE dPcoN9ilzvgAs6wjLdquh1g= =/kVV -----END PGP SIGNATURE-----