You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa blueman

Sigurnosni nedostatak programskog paketa blueman

==========================================================================
Ubuntu Security Notice USN-4605-1
October 27, 2020

blueman vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Blueman could be made to run programs if it received specially crafted
input.

Software Description:
– blueman: Graphical bluetooth manager

Details:

Vaisha Bernard discovered that blueman did not properly sanitize input
on the d-bus interface to blueman-mechanism. A local attacker could
possibly use this issue to escalate privileges and run arbitrary code or
cause a denial of service. (CVE-2020-15238)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
blueman 2.1.3-2ubuntu1

Ubuntu 20.04 LTS:
blueman 2.1.2-1ubuntu0.1

Ubuntu 18.04 LTS:
blueman 2.0.5-1ubuntu1.1

Ubuntu 16.04 LTS:
blueman 2.0.4-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4605-1
CVE-2020-15238

Package Information:
https://launchpad.net/ubuntu/+source/blueman/2.1.3-2ubuntu1
https://launchpad.net/ubuntu/+source/blueman/2.1.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/blueman/2.0.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/blueman/2.0.4-1ubuntu2.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl+YGygACgkQW+PTAFZK
yRgg0g/+JHFYnyZEtZbpvd73sHVdTX5K4TIpPpffKHSQYxm/Ax7Jq29/cqdcjEYz
V/5B3icJQR059WGVOUrZrpUxlX1weUfcf3NuOkw+4SGQwCap7grs5/+fPGjSAc+V
du3cYNUXENp1T7fSLGTyHcmC0nq9S6yMM7rX7w9J4oJP/FRJKVc9cm/4/OJvtJIR
UzrfkF1Qnh77Cgx+hkV28xFwWXWIHuM8iFiNnTWy7OLdak7H15wln5GAMUehkuHN
Zb/BVmBH5jF+vyTD1Tw5iJb5LBG2GNKGK5OelzD2NCpUauoELaq0wIZxQxiSBYAU
jy5yT9Ml3SWDfSqsLlqDK1Pa3Ar8j1mMkc4QWvXGWRvezqKzoxHLYsToNr2BfwFz
eY57p/PFbc5ZpMRmJ2cm4/Hy/GomTlvZtwhsqQGPQfq7p4EvDNcbZ48mSGamCQgZ
PXdgjHV4E5RI/IMpXQ9oZyNJAvgeRyQUzZCQVQCxWoJfVvn2ftt6jiV4oC9IrHG9
Rezxg80h7AG+k/M7/PJRMTliyeZaCP709N7XmfkxUb1TsxS01x7ZUvheG2g66RYZ
/9rBxvzKh7PIcx/u3XUBfcthHpvnOh7TWw3qQ48S+aaeu/lYztLjbiEfq83dU20s
DuwcnYe4YqQYJ/RT6hmlNpcdhMg7rcy1gBeFMSAgxmNr955FC+M=
=qSRc
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa dnf

Otkriven je sigurnosni nedostatak u programskom paketu dnf za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje 'directory traversal'...

Close