[USN-413-1] BlueZ vulnerability

Kees Cook kees at ubuntu.com
Wed Jan 24 02:28:49 UTC 2007


=========================================================== 
Ubuntu Security Notice USN-413-1           January 24, 2007
bluez-utils vulnerability
CVE-2006-6899
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  bluez-utils                              2.20-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the HID daemon of bluez-utils.  A remote 
attacker could gain control of the mouse and keyboard if hidd was 
enabled.  This does not affect a default Ubuntu installation, since hidd 
is normally disabled.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.dsc
      Size/MD5:      650 7bb5c0c29740dfae995a55ba26d07a57
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1.tar.gz
      Size/MD5:   526189 b2444d694c7511e6653a3a9cead00889

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_amd64.deb
      Size/MD5:    20086 3b4ed9604f7ba74d1e287614afa18cf4
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_amd64.deb
      Size/MD5:   187672 7aad0bfd925ef78d37cbeef826249c78

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_i386.deb
      Size/MD5:    19518 4cce6a8b87feec8426d3b2e63945c434
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_i386.deb
      Size/MD5:    15604 cb8dd267df57bcb30ec3c73e180e994e
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_i386.deb
      Size/MD5:   164384 431ed3045356754cbdbb96a24a7ec0dd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:    21414 72d08ff3dd99ffd8674d88fcb56bf69b
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:    15610 c33bd675a14e05622c66fbb590a14442
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_powerpc.deb
      Size/MD5:   194032 3a7fbfb965ca835996aee0693307de71

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-cups_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:    19748 39ec9668ce2e9f71c22435585086d01f
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-pcmcia-support_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:    15610 7b24e1d49ba44ad98faa243a3ea3a405
    http://security.ubuntu.com/ubuntu/pool/main/b/bluez-utils/bluez-utils_2.20-0ubuntu3.1_sparc.deb
      Size/MD5:   169410 93215bf674614af19c8709ded03a8420

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20070123/835553bd/attachment.sig>


More information about the ubuntu-security-announce mailing list