Malware Devil

Loading...

Wednesday, October 28, 2020

ESB-2020.3702 – [Linux][Debian] blueman: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3702
                          blueman security update
                              28 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           blueman
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
                   Linux variants
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15238  

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4781

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running blueman check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4781-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 27, 2020                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : blueman
CVE ID         : CVE-2020-15238

Vaisha Bernard discovered that Blueman, a graphical bluetooth manager
performed insufficient validation on a D-Bus interface, which could
result in denial of service or privilege escalation.

For the stable distribution (buster), this problem has been fixed in
version 2.0.8-1+deb10u1.

We recommend that you upgrade your blueman packages.

For the detailed security status of blueman please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/blueman

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl+YaFoACgkQEMKTtsN8
TjZsPxAAsWL167EZ7JJIC4rt1hMY5Pe5J2wBdIjLBEXnQYYPH7fEtIS6tRKTfL5l
YDzXq2BiBbO2Y5I0h97hEoXDhmB2GAT0Jld5rjfm59rXSnfbI7h4l6YJ35U2cLT2
vsz8wLRVv6xEt/4IpgSSSgYhcpVflOY31nbZItjmkPRpaUBY+MgLcoDURHbmUCFH
WBpYHPwBgx33FzytF942KaY5ZUcwNyhmA7tnNdYpx8HYvynL3S/zwN/PLY3YDD5T
l2b/yubHkAc/uxHBKHlhcBzDPBuSZd4ZR/7WgA61NNHNk+BEWIjKKgqbu4PItq7L
AohK3b8+rthBpzVz/CPQBTzgqc6w1WjQwE/WwwsMa+OOC/2BTwEsZPTzDmTpeKm+
lfyGiuVVsKnqSzYfXN4UsS3RaH2yA2c7QaOlzhP7F6FpLUPEClIrT4RbY3F0I6LP
Q8UMhPE2QGhsZn7ZilmQQV7pKlZEtoJVaJT8tEOgq/QJSxy94ubpe2gVBr6ju/Cp
w859Oxtx84RnYrzeEYd/rAZc0ghJH5d/PcZELvo45gbdTOWaJgTKSsVA9DVAtS7p
0RrY31ewJKKvLV800tgz0v0X6ChTEB/77D3BH+IIqzES959jcniVS6m27u2bR9GF
fhnVksTVs3B5X5xsT+ekeeQPmKGNqRfzZNyh1+aUjiFVWSsJqAU=
=waPl
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5jK6uNLKJtyKPYoAQhMShAAgW5WE65iujHtOK/CVI9WmxOkVrT45zaf
T+IucocZhczbV6dyiMazz9X1e6EzNM16Qscm+/r8WBQpToSDymgWtOzrlFoVIYzd
ujuLUhvTNUSeGqvxzK6nNbRzTApQSFkgmxmUE5wwr8j5xLsHPp46mW2r1VxpZUMx
F9GIolROqrrbpmUwVjbzl2mH8lrmDfFOO/FyZqy02n8Lb8syzRCYqtoudnR8a4Jz
T5jPkOif2Po7z9gHlOkPbbduLJFAoXmrYtKvNo1qLfFu4+Tu3f1XTIAJtKZmNKAd
TNyScMEXPz4ZndwrJzGimYdMMK7VROR/v4bpYPpS1xBRkpvTTFG5tjcx/4Wjr7tS
QzZ9bO3hX6IHZRaozinm1VUv4WPNqhZdMTTPKBdVvytF7q2Zg/K6G2+7vGRBUk/s
Xgnl+mIc5TzMrZQP21qUYKm9E/Kz1nJ7elwN226/cGHfPYwvjx5P8LnHm81+FNwr
05IGexnVkXmbErzyowal4FghlOGlUlyjWH7YLkI/biRXsV8IvqorX+00h8BLjyg+
4/kx/ZquJBn3CHL1+TSXCBvi7XeGlhVWp8pWhRdD/UhlXjnQSSZvDMvGwrexslKl
UDg9kmGLjrRtOI/W0HxFbx2PCWs/D54iO2ZiF5mWSx915WeR0GTcKf6SuiMmdaft
oAc3gR0aur0=
=kaTa
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3702 – [Linux][Debian] blueman: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/28/esb-2020-3702-linuxdebian-blueman-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3702-linuxdebian-blueman-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...