bluez-5.44-4.el7
エラータID: AXSA:2017-2242:02
The bluez packages contain the following utilities for use in Bluetooth
applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts
(Asianux), and pcmcia configuration files.
Security Fix(es):
* An information-disclosure flaw was found in the bluetoothd implementation of
the Service Discovery Protocol (SDP). A specially crafted Bluetooth device
could, without prior pairing or user interaction, retrieve portions of the
bluetoothd process memory, including potentially sensitive information such as
Bluetooth encryption keys. (CVE-2017-1000250)
Asianux would like to thank Armis Labs for reporting this issue.
CVE-2017-1000250
All versions of the SDP server in BlueZ 5.46 and earlier are
vulnerable to an information disclosure vulnerability which allows
remote attackers to obtain sensitive information from the bluetoothd
process memory. This vulnerability lies in the processing of SDP
search attribute requests.
Update packages.
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
N/A
SRPMS
- bluez-5.44-4.el7.src.rpm
MD5: 58ee5c10629ca6701139bf70f7c88d94
SHA-256: 900757929fd7b81ddc2e0d5a83690f7bd52eae27c7582bd80690c69cfabbad2c
Size: 1.63 MB
Asianux Server 7 for x86_64
- bluez-5.44-4.el7.x86_64.rpm
MD5: cf93a4cca1c9061385655e2a4a829325
SHA-256: 58074a7b53341bd3cb13697bc18aab7a26250ad9a8f38f98fa8475fe25da3590
Size: 1.23 MB - bluez-libs-5.44-4.el7.x86_64.rpm
MD5: 9345609d35373681c94f04863b957d6a
SHA-256: 750efcd4a93b8aba55b851a26b64ea03abc11b8ae00481f00695a43891de083d
Size: 79.40 kB - bluez-libs-5.44-4.el7.i686.rpm
MD5: 876ccfc719b93e106b78e90fa3d4ac2b
SHA-256: 85316278a918886684c7bf3ce70f49ee272bdeac7757344f51bce6578ce9a262
Size: 78.82 kB
日本語