USN-413-1: BlueZ vulnerability
Posted on: 01/24/2007 03:35 AM

A new BlueZ vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-413-1 January 24, 2007
bluez-utils vulnerability
CVE-2006-6899
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
bluez-utils 2.20-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the HID daemon of bluez-utils. A remote
attacker could gain control of the mouse and keyboard if hidd was
enabled. This does not affect a default Ubuntu installation, since hidd
is normally disabled.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1.dsc
Size/MD5: 650 7bb5c0c29740dfae995a55ba26d07a57
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1.tar.gz
Size/MD5: 526189 b2444d694c7511e6653a3a9cead00889

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.=
20-0ubuntu3.1_amd64.deb
Size/MD5: 20086 3b4ed9604f7ba74d1e287614afa18cf4
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1_amd64.deb
Size/MD5: 187672 7aad0bfd925ef78d37cbeef826249c78

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.=
20-0ubuntu3.1_i386.deb
Size/MD5: 19518 4cce6a8b87feec8426d3b2e63945c434
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-=
support_2.20-0ubuntu3.1_i386.deb
Size/MD5: 15604 cb8dd267df57bcb30ec3c73e180e994e
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1_i386.deb
Size/MD5: 164384 431ed3045356754cbdbb96a24a7ec0dd

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.=
20-0ubuntu3.1_powerpc.deb
Size/MD5: 21414 72d08ff3dd99ffd8674d88fcb56bf69b
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-=
support_2.20-0ubuntu3.1_powerpc.deb
Size/MD5: 15610 c33bd675a14e05622c66fbb590a14442
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1_powerpc.deb
Size/MD5: 194032 3a7fbfb965ca835996aee0693307de71

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.=
20-0ubuntu3.1_sparc.deb
Size/MD5: 19748 39ec9668ce2e9f71c22435585086d01f
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-=
support_2.20-0ubuntu3.1_sparc.deb
Size/MD5: 15610 7b24e1d49ba44ad98faa243a3ea3a405
http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2=
.20-0ubuntu3.1_sparc.deb
Size/MD5: 169410 93215bf674614af19c8709ded03a8420


--w/VI3ydZO+RcZ3Ux
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtsRhH/9LqRcGPm0RApa5AJ4lyOEI+av5n53+dDgOrzHYHyTdiQCfZ1WL
Wqz7gb8No7KGzhTxZAOFJqs=
=jadj
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_413_1_bluez_vulnerability.html)