Nacionalni CERT

Sigurnosni nedostatak programskog paketa bluez

<p>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA512<br /><br />- -------------------------------------------------------------------------<br />Debian Security Advisory DSA-3972-1 security@debian.org<br />https://www.debian.org/security/ Salvatore Bonaccorso<br />September 13, 2017 https://www.debian.org/security/faq<br />- -------------------------------------------------------------------------<br /><br />Package : bluez<br />CVE ID : CVE-2017-1000250<br />Debian Bug : 875633<br /><br />An information disclosure vulnerability was discovered in the Service<br />Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to<br />obtain sensitive information from bluetoothd process memory, including<br />Bluetooth encryption keys.<br /><br />For the oldstable distribution (jessie), this problem has been fixed<br />in version 5.23-2+deb8u1.<br /><br />For the stable distribution (stretch), this problem has been fixed in<br />version 5.43-2+deb9u1.<br /><br />We recommend that you upgrade your bluez packages.<br /><br />Further information about Debian Security Advisories, how to apply<br />these updates to your system and frequently asked questions can be<br />found at: https://www.debian.org/security/<br /><br />Mailing list: debian-security-announce@lists.debian.org<br />-----BEGIN PGP SIGNATURE-----<br /><br />iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlm5GVZfFIAAAAAALgAo<br />aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2<br />NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND<br />z0TJWxAAhqBjUve/5G0EyxWmnBiSim1gwWAazeSl6xwzIE2hELUxzoQFuXypmtqo<br />EaFbxsLm7d9mCPSXXQt3QYPS43nW4l2foFOHFDpwdaEkLnpj8g6YdEgXIkUbpU0T<br />bn5hT7VwKdxQUV2Dh1TTJttk6HgiGaASpLYhs4dAXFNYCtiAyrfmR4XBYpm0P0dW<br />AGtI6wDqIWXRu4mJN25gaCLKHlbv0L9iF9C0D2/ldPJG2MDvaQlisSNtyI34FTWu<br />YuMuNf8HVKmmGAZ8fLAM5qIII8HJ1I8USkS3DlYTkPffrXIeSZzRjRIhpiF9BicZ<br />42XSeJxfB/OzLdO9LtWtp5Hu9gZRQt12nLFH1p65QXSro5sBw7Fau5bfZUr8eAyt<br />KD4B5582I2niG96rQ6nEWyO09QqEWCu1pGq8XHLFNyJStYTtVN3ewNiDzigWwZND<br />8RzyqSL/2Jy8Mjt5e8Hqyrv57haq15wNH4fZcy5vIadSwfWFv89jQhEvn5hNOS4Q<br />3Kg2lRoS9MspW4VdiqGDQg/yJX3c0bSIC/O+WVXT3WSIRS0D5nvtOKiuMKMvm3CI<br />RLh9qEpE6wa7y3qlbNOo6yO2o8UrXZPU1la3BbXQySLfs8gr+kLPwsDDGzxMUPd+<br />d6sphtoPgqTRtJRuY0TLCc391hsDKWAOX3OSJCeJjeF6a9XqfRg=<br />=9IIv<br />-----END PGP SIGNATURE-----</p>
Otkriven je sigurnosni nedostatak u programskom paketu bluezb za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje se ažuriranje izdanim zakrpama.