Debian alert DLA-1103-1 (bluez)
| From: | Lucas Kanashiro <kanashiro@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1103-1] bluez security update | |
| Date: | Thu, 21 Sep 2017 18:01:18 -0300 | |
| Message-ID: | <20170921210113.kctozkwvbafspk7t@riseup.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : bluez Version : 4.99-2+deb7u1 CVE ID : CVE-2017-1000250 Debian Bug : 875633 The SDP server in BlueZ is vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. For Debian 7 "Wheezy", these problems have been fixed in version 4.99-2+deb7u1. We recommend that you upgrade your bluez packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlnEKF0ACgkQ+COicpiD yXyjpxAAr4T4i/9jAC+wI6lo6XbwKRWK022z9NmhRwHSmStZ7NGH/UzBXSR/tLFt Usa6tYcreoDSTbajFluNSzk2ZuxeFDqUpOhcyVqqt6rw8wIaIpo26KkCPU+U+5jY NLAQt90o0HZzHSbNxxIr7BjDcfgYblpYcdTyuxKVNEEYnyglMt8j2lMk4IQYVRMw q2i+f3WWTVcNgnqmRIpIwMLEnuuw8xKpKAsxf+BFC+mAAJMfJ2A8GNU7hrOr/cam 35hrEfd76EiJK3Kgoe4PSDnxN9BRHiEAIluDFynSVNTnvBt34wpNjmaA+8Mg848K hLYHkiBXOELEzpAc9g1UWNJggcgjl+wRbB6is2NO6ZoQzBRwbUZ1OyMYjaDaHqw5 Ux2UOc86ALOQfYE65mrSQ7HKrtHgDjFWt0GbhN6zBhNMs870yT12AWbN23aBI16N qbml3rAUJGpAU1AsxfX1gvBiAUnekB2LcX8i1w2n9ZLlZqZP8tl4SFhpibuNIQ7B LZuWlXk86v6LLyrCSKO6lLri8Gsoe/Cuj9HrwvAAu5JHiA2UoeadPxBm/fJ3xKLn eiABEw4evxfE4bw7UZ1XI2Ka4pGbHDpPV96DTe78qMleqcbnB+XG/hL1ILqoUd/0 LdwZIO4UD3qV+T9qMVONfZxdQaqYBhExqPl4KtYThQpiMrGqctw= =YRnB -----END PGP SIGNATURE-----