|
|
|
Choosing A Webhost: |
[USN-256-1] bluez-hcidump vulnerability: msg#00008linux.ubuntu.security.announce
=========================================================== Ubuntu Security Notice USN-256-1 February 21, 2006 bluez-hcidump vulnerability CVE-2006-0670 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: bluez-hcidump The problem can be corrected by upgrading the affected package to version 1.5-2ubuntu0.1 (for Ubuntu 4.10), 1.12-1ubuntu0.1 (for Ubuntu 5.04), or 1.23-0ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Pierre Betouin discovered a Denial of Service vulnerability in the handling of the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. By sending a specially crafted L2CAP packet through a wireless Bluetooth connection, a remote attacker could crash hcidump. Since hcidump is mainly a debugging tool, the impact of this flaw is very low. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5-2ubuntu0.1.diff.gz Size/MD5: 117334 2be393fb2b17f097d84c4bf1e41759b8 http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5-2ubuntu0.1.dsc Size/MD5: 649 2cbb2217b51ce137d84487cc8c7e67fc http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5.orig.tar.gz Size/MD5: 166968 346f86c8e1824a505e976d0a2c8a0578 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5-2ubuntu0.1_amd64.deb Size/MD5: 25198 7d0d59b7597b7d64345e9255f29ea684 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5-2ubuntu0.1_i386.deb Size/MD5: 23146 93c04094444cc482058d67cb78ca7244 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.5-2ubuntu0.1_powerpc.deb Size/MD5: 25446 ccfa304db68953e1d2989df0fed8259c Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12-1ubuntu0.1.diff.gz Size/MD5: 2277 09602446f4bdae6c8126e33db11f3249 http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12-1ubuntu0.1.dsc Size/MD5: 663 8efc5c10713d06de9d55613055208bca http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12.orig.tar.gz Size/MD5: 102003 c64f44a05e3c3f036134850c8fb24a00 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12-1ubuntu0.1_amd64.deb Size/MD5: 39052 4f466a14a74802cb0ea83d9859d108a9 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12-1ubuntu0.1_i386.deb Size/MD5: 35048 9b767b24c3ce114a9b44cc9901335826 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.12-1ubuntu0.1_powerpc.deb Size/MD5: 37636 9934f9d3c03affe2a3c7d84b00cacbed Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23-0ubuntu1.1.diff.gz Size/MD5: 2454 9ff0a74db5cd83914ed466a8acdf0beb http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23-0ubuntu1.1.dsc Size/MD5: 662 5191c2d9cabb93969ce0604548ddc696 http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23.orig.tar.gz Size/MD5: 124717 24a72cfc605278f2846c786ae54230c2 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23-0ubuntu1.1_amd64.deb Size/MD5: 68856 9ed3cd8a70fdf2f494002894208029a2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23-0ubuntu1.1_i386.deb Size/MD5: 62994 c6fab1702f2dab19af5bd2ff86af07a5 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/b/bluez-hcidump/bluez-hcidump_1.23-0ubuntu1.1_powerpc.deb Size/MD5: 69474 b75ce72ab552b0b32c301c854ea7e549
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [USN-253-1] heimdal vulnerability, Martin Pitt |
|---|---|
| Next by Date: | [USN-254-1] noweb vulnerability, Martin Pitt |
| Previous by Thread: | [USN-253-1] heimdal vulnerability, Martin Pitt |
| Next by Thread: | [USN-254-1] noweb vulnerability, Martin Pitt |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
