New Search

RHSA-2008:0581 -- bluez-libs and bluez-utils security update (Moderate)

oval:org.mitre.oval:def:29255

Updated bluez-libs and bluez-utils packages that fix a security flaw are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship or a local user registering a service record via a UNIX reg; socket or D-Bus interface could cause a crash or possibly execute arbitrary code with privileges of the hcid daemon. (CVE-2008-2374) Users of bluez-libs and bluez-utils are advised to upgrade to these updated packages which contains a backported patch to correct this issue.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
patch
Reference(s):
  • RHSA-2008:0581
  • CESA-2008:0581-CentOS 5
  • CVE-2008-2374
Product(s):
  • bluez-utils
  • bluez-libs