[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070124022849.GK17546@outflux.net>
Date: Tue, 23 Jan 2007 18:28:49 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-413-1] BlueZ vulnerability
===========================================================
Ubuntu Security Notice USN-413-1 January 24, 2007
bluez-utils vulnerability
CVE-2006-6899
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
bluez-utils 2.20-0ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A flaw was discovered in the HID daemon of bluez-utils. A remote
attacker could gain control of the mouse and keyboard if hidd was
enabled. This does not affect a default Ubuntu installation, since hidd
is normally disabled.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.dsc
Size/MD5: 650 7bb5c0c29740dfae995a55ba26d07a57
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.tar.gz
Size/MD5: 526189 b2444d694c7511e6653a3a9cead00889
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_amd64.deb
Size/MD5: 20086 3b4ed9604f7ba74d1e287614afa18cf4
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_amd64.deb
Size/MD5: 187672 7aad0bfd925ef78d37cbeef826249c78
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_i386.deb
Size/MD5: 19518 4cce6a8b87feec8426d3b2e63945c434
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_i386.deb
Size/MD5: 15604 cb8dd267df57bcb30ec3c73e180e994e
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_i386.deb
Size/MD5: 164384 431ed3045356754cbdbb96a24a7ec0dd
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_powerpc.deb
Size/MD5: 21414 72d08ff3dd99ffd8674d88fcb56bf69b
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_powerpc.deb
Size/MD5: 15610 c33bd675a14e05622c66fbb590a14442
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_powerpc.deb
Size/MD5: 194032 3a7fbfb965ca835996aee0693307de71
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_sparc.deb
Size/MD5: 19748 39ec9668ce2e9f71c22435585086d01f
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_sparc.deb
Size/MD5: 15610 7b24e1d49ba44ad98faa243a3ea3a405
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_sparc.deb
Size/MD5: 169410 93215bf674614af19c8709ded03a8420
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists