| Summary: | blueman new security issue CVE-2020-15238 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, jani.valimaa, ouaurelien, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | blueman-2.1-0.beta1.1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-10-29 16:51:02 CET
David Walser
2020-10-29 16:51:23 CET
CC:
(none) =>
geiger.david68210, jani.valimaa Ubuntu has issued an advisory for this on October 27: https://ubuntu.com/security/notices/USN-4605-1 blueman-2.1.4-1.mga8 uploaded for Cauldron by David Geiger. Source RPM:
blueman-2.1.3-2.mga8.src.rpm =>
blueman-2.1-0.beta1.1.mga7.src.rpm Updated package uploaded for Mageia 7 by David Geiger. Advisory: ======================== Updated blueman package fixes security vulnerability: Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service (CVE-2020-15238). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238 https://ubuntu.com/security/notices/USN-4605-1 ======================== Updated packages in core/updates_testing: ======================== blueman-2.1.4-1.mga7 from blueman-2.1.4-1.mga7.src.rpm Assignee:
bugsquad =>
qa-bugs mga7, x64 Could not follow the description of the exploit after following the CVE link so skipped the PoC. Updated blueman and connected to a bluetooth audio device immediately and it showed up in pulseaudio volume control. Played a WAV file via sox. Looks fine. CC:
(none) =>
tarazed25 Good enough for me. Validating. Advisory in Comment 3. CC:
(none) =>
andrewsfarm, sysadmin-bugs Advisory pushed to SVN. CC:
(none) =>
ouaurelien (In reply to David Walser from comment #0) > Attention needs to be paid to the mitigation instructions in the CVE > description as well. I believe the correct changes were made in r1363060 by > Jani, but these will need to be backported to Mageia 7. This wasn't done. I think Ubuntu made this change in a subsequent update: https://ubuntu.com/security/notices/USN-4605-2 Whiteboard:
MGA7-64-OK =>
(none) (In reply to David Walser from comment #7) > (In reply to David Walser from comment #0) > > Attention needs to be paid to the mitigation instructions in the CVE > > description as well. I believe the correct changes were made in r1363060 by > > Jani, but these will need to be backported to Mageia 7. > > This wasn't done. I really don't understand what is missing here? See the commit I referenced. The change for blueman-applet.service renamed to org.blueman.Applet.service is already done in release 2.1.4. Ahh yes the commit is in Mageia 7 after all. Assignee:
geiger.david68210 =>
qa-bugs
David Walser
2020-11-06 16:55:38 CET
Whiteboard:
(none) =>
MGA7-64-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0402.html Status:
NEW =>
RESOLVED |