==========================================================================
Ubuntu Security Notice USN-4605-1
October 27, 2020
blueman vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Blueman could be made to run programs if it received specially crafted
input.
Software Description:
– blueman: Graphical bluetooth manager
Details:
Vaisha Bernard discovered that blueman did not properly sanitize input
on the d-bus interface to blueman-mechanism. A local attacker could
possibly use this issue to escalate privileges and run arbitrary code or
cause a denial of service. (CVE-2020-15238)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
blueman 2.1.3-2ubuntu1
Ubuntu 20.04 LTS:
blueman 2.1.2-1ubuntu0.1
Ubuntu 18.04 LTS:
blueman 2.0.5-1ubuntu1.1
Ubuntu 16.04 LTS:
blueman 2.0.4-1ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4605-1
CVE-2020-15238
Package Information:
https://launchpad.net/ubuntu/+source/blueman/2.1.3-2ubuntu1
https://launchpad.net/ubuntu/+source/blueman/2.1.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/blueman/2.0.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/blueman/2.0.4-1ubuntu2.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl+YGygACgkQW+PTAFZK
yRgg0g/+JHFYnyZEtZbpvd73sHVdTX5K4TIpPpffKHSQYxm/Ax7Jq29/cqdcjEYz
V/5B3icJQR059WGVOUrZrpUxlX1weUfcf3NuOkw+4SGQwCap7grs5/+fPGjSAc+V
du3cYNUXENp1T7fSLGTyHcmC0nq9S6yMM7rX7w9J4oJP/FRJKVc9cm/4/OJvtJIR
UzrfkF1Qnh77Cgx+hkV28xFwWXWIHuM8iFiNnTWy7OLdak7H15wln5GAMUehkuHN
Zb/BVmBH5jF+vyTD1Tw5iJb5LBG2GNKGK5OelzD2NCpUauoELaq0wIZxQxiSBYAU
jy5yT9Ml3SWDfSqsLlqDK1Pa3Ar8j1mMkc4QWvXGWRvezqKzoxHLYsToNr2BfwFz
eY57p/PFbc5ZpMRmJ2cm4/Hy/GomTlvZtwhsqQGPQfq7p4EvDNcbZ48mSGamCQgZ
PXdgjHV4E5RI/IMpXQ9oZyNJAvgeRyQUzZCQVQCxWoJfVvn2ftt6jiV4oC9IrHG9
Rezxg80h7AG+k/M7/PJRMTliyeZaCP709N7XmfkxUb1TsxS01x7ZUvheG2g66RYZ
/9rBxvzKh7PIcx/u3XUBfcthHpvnOh7TWw3qQ48S+aaeu/lYztLjbiEfq83dU20s
DuwcnYe4YqQYJ/RT6hmlNpcdhMg7rcy1gBeFMSAgxmNr955FC+M=
=qSRc
—–END PGP SIGNATURE—–
—