| Summary: | net-wireless/bluez-utils <= 2.19 security vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Henryk Plötz <henryk> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | mobile+disabled, pda |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | C0 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Henryk Plötz
2005-08-06 10:10:46 UTC
liquidx or mobile/pda herds: please apply patch or bump to 2.19

liquidx: are you around to handle this? If I do not hear from you by tomorrow, I will handle the bump so we can get it marked stable on all affected archs.

I have added net-wireless/bluez-libs-2.19 and net-wireless/bluez-utils-2.19, which address the issue of this bug report. I will mark them stable on x86 tomorrow if no additional bug reports tick in. Other archs: please follow.

I asked for a CAN number to MITRE.

Stable on x86.

ppc stable

======================================================
Candidate: CAN-2005-2547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
Reference: MLIST:[bluez-devel] 20050804 Possible security vulnerability in hcid when calling pin helper
Reference: URL:http://sourceforge.net/mailarchive/forum.php?thread_id=7893206&forum_id=1881
Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=101557
Reference: CONFIRM:http://cvs.sourceforge.net/viewcvs.py/bluez/utils/hcid/security.c?r1=1.31&r2=1.34

security.c in hcid for BlueZ 2.18 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.

amd64 stable

What about hppa?

You're right, we missed hppa. hppa, sparc : please test and mark stable.

Stable on hppa. sparc please test and mark stable ASAP, thx.

sparc stable. didn't get the chance to properly test it, but it should be fine, hopefully I'll get the bt kit by this weekend, play with it and leave it be or mask it.

GLSA 200508-09
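
The bug class named in the CAN-2005-2547 description, shown as an added example that is not BlueZ code and not part of this bug report: a helper launched through a shell command string next to the same helper launched with the device name as a single argv element. The function names are hypothetical, `echo` stands in for the PIN helper, and the device name is a constructed sample.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed sample: a remote device name that carries shell syntax. */
static const char *SAMPLE_NAME = "headset; echo INJECTED";

/* Unsafe pattern: the name is pasted into a string that /bin/sh parses. */
static int helper_via_shell(const char *helper, const char *name, char *out, size_t len)
{
    char cmd[512];
    snprintf(cmd, sizeof(cmd), "%s %s", helper, name);
    FILE *p = popen(cmd, "r");          /* popen() runs sh -c cmd */
    if (!p) return -1;
    size_t n = fread(out, 1, len - 1, p);
    out[n] = '\0';
    return pclose(p);
}

/* Hardened pattern: no shell involved; the name is exactly one argument. */
static int helper_via_exec(const char *helper, const char *name, char *out, size_t len)
{
    int fd[2], status;
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                     /* child: stdout goes to the pipe */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execlp(helper, helper, name, (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    close(fd[1]);
    size_t n = 0; ssize_t r;
    while (n < len - 1 && (r = read(fd[0], out + n, len - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fd[0]);
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}

int main(void)
{
    char a[256], b[256];
    helper_via_shell("echo", SAMPLE_NAME, a, sizeof a);
    helper_via_exec("echo", SAMPLE_NAME, b, sizeof b);
    return printf("via shell:\n%svia exec:\n%s", a, b) < 0;
}
```

In the shell variant the text after `;` runs as a second command; in the exec variant the helper receives the whole name as one literal argument.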