Säkerhetsbulletin från Debian
DSA-782-1 bluez-utils -- städar inte indata
- Rapporterat den:
- 2005-08-23
- Berörda paket:
- bluez-utils
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 323365.
I Mitres CVE-förteckning: CVE-2005-2547. - Ytterligare information:
-
Henryk Plötz upptäckte en sårbarhet i bluez-tools, verktyg och servrar för Bluetooth. På grund av saknad städning av indata är det möjligt för en angripare att exekvera godtyckliga kommandon som sänds med som enhetsnamn från fjärrenheten.
Den gamla stabila utgåvan (Woody) påverkas inte av detta problem eftersom den inte innehåller bluez-utils-paketet.
För den stabila utgåvan (Sarge) har detta problem rättats i version 2.15-1.1.
För den instabila utgåvan (Sid) har detta problem rättats i version 2.19-1.
Vi rekommenderar att ni uppgraderar ert bluez-utils-paket.
- Rättat i:
-
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.dsc
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15.orig.tar.gz
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_alpha.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_amd64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_arm.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_i386.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_ia64.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_hppa.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_m68k.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mips.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mipsel.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_powerpc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_s390.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_sparc.deb
- http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.