| Summary: | blueman new privilege escalation security issue CVE-2015-8612 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/668770/ | ||
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | ||
| Source RPM: | blueman-2.0.2-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-12-18 23:48:09 CET
David Walser
2015-12-18 23:48:17 CET
Whiteboard:
(none) =>
MGA5TOO blueman-2.0.3-1.mga6 is submitted and should hit mirrors soon for Cauldron. Will update blueman ( which is still old git) for Mga5 to 2.0.3 stable version Thanks Atilla. Version:
Cauldron =>
5 I have uploaded a updated blueman package for Mageia 5. Suggested advisory: ======================== Updated blueman-2.0.3-1.mga5 package fixes a a privilege escalation vulnerability which effects blueman in mga5.(mga#17361) This update also provides a stable release of blueman instead of a old git snapshot. References: http://openwall.com/lists/oss-security/2015/12/18/6 https://github.com/blueman-project/blueman/issues/416 https://bugs.mageia.org/show_bug.cgi?id=17361 ======================== Updated packages in core/updates_testing: ======================== blueman-2.0.3-1.mga5 Source RPMs: blueman-2.0.3-1.mga5.src.rpm
Atilla ÖNTAŞ
2015-12-19 00:34:31 CET
Assignee:
tarakbumba =>
qa-bugs CVE-2015-8612: http://openwall.com/lists/oss-security/2015/12/19/1 Suggested advisory: ======================== Updated blueman package fixes security vulnerability: Privilege escalation vulnerability in blueman before 2.0.3 in the dbus API (CVE-2015-8612). References: http://openwall.com/lists/oss-security/2015/12/19/1 https://github.com/blueman-project/blueman/issues/416 Summary:
blueman new privilege escalation security issue =>
blueman new privilege escalation security issue CVE-2015-8612 Debian has issued an advisory for this on December 18: https://www.debian.org/security/2015/dsa-3427 URL:
(none) =>
http://lwn.net/Vulnerabilities/668770/ mga5 x86_64 Probably no PoC for this. Before the update both blueman and bluedevil were installed. I had never had much luck with blueman so have moved to bluedevil which was much more reliable. To test the update I uninstalled bluedevil and removed the blueman applet. Installed the update and ran the blueman-manager which placed the applet on the panel and allowed bluetooth to be enabled. Added an audio device and connected to it immediately. Switched off and tried again. An immediate connection, so this is good for 64-bits. Thanks for that Attila. CC:
(none) =>
tarazed25
Len Lawrence
2015-12-26 20:00:03 CET
Whiteboard:
(none) =>
MGA5-64-OK mga5 i586 vbox KDE, Mate, LXDE, GNOME Classic Neither blueman nor bluedevil were able to see the hardware adapter in virtualbox. Is bluetooth supported in vbox? virtualbox-guest-additions is installed. (In reply to Len Lawrence from comment #7) > Is bluetooth supported in vbox? I would be shocked if it was. I had been wondering if it had anything to do with the USB adapter but it appears not so I shall take your word for it. Have to leave the i586 test to somebody else unless I can resurrect my only piece of 32bit hardware which has been been about to drop into the bin. mga5 i586 Mate Managed to get the old laptop running and up-to-date. Could not get Bluetooth running before the update but it connected fine to my Bose SLIII speaker after the update. So it is fine for both architectures. Validating this.
Len Lawrence
2015-12-27 01:34:52 CET
Whiteboard:
MGA5-64-OK =>
MGA5-64-OK MGA5-32-OK
Len Lawrence
2015-12-27 01:35:07 CET
Keywords:
(none) =>
validated_update
Rémi Verschelde
2015-12-28 13:27:18 CET
Whiteboard:
MGA5-64-OK MGA5-32-OK =>
MGA5-64-OK MGA5-32-OK advisory An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0491.html Status:
NEW =>
RESOLVED |