openSUSE has issued an advisory today (October 20): https://lists.opensuse.org/opensuse-updates/2017-10/msg00069.html The fix was included in 5.42 upstream, so Mageia 6 already has it. The SUSE bug has a link to the commit that fixed it: https://bugzilla.suse.com/show_bug.cgi?id=1026652
Assigning to the registered maintainer.
Assignee: bugsquad => shlomifCC: (none) => marja11
Patched package uploaded for Mageia 5. Advisory: ======================== Updated bluez packages fix security vulnerability: Buffer overflow in parse_line function in the csr tool (CVE-2016-7837). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7837 https://lists.opensuse.org/opensuse-updates/2017-10/msg00069.html ======================== Updated packages in core/updates_testing: ======================== bluez-5.28-1.2.mga5 bluez-cups-5.28-1.2.mga5 bluez-hid2hci-5.28-1.2.mga5 libbluez3-5.28-1.2.mga5 libbluez-devel-5.28-1.2.mga5 from bluez-5.28-1.2.mga5.src.rpm
Assignee: shlomif => qa-bugs
Mageia 5 on x86_64 Tested bluez via blueman before updating, just bluez and lib64bluez3 installed. Paired with a wireless speaker using the panel icon. bluetoothctl running in a terminal. Updated the packages and installed: bluez-cups-5.28-1.2.mga5 bluez-hid2hci-5.28-1.2.mga5 lib64bluez-devel-5.28-1.2.mga5 Installed the blueman applet in the panel. $ blueman-applet & Detected the USB bluetooth adaptor. Set it to be 'Always visible'. The bt speaker was listed and it paired in trusted mode as soon as it was switched on. Connected it to the audio sink and played a downloaded video from Voices of Music using mplayer-ruby via a home-made jukebox. blueman reported two rates, one up and one down (?) 41 KB/s and 200 B/s. Device added and connected successfully. There is an HP bluetooth printer here but I have had little success in the past trying to run it wirelessly. Shall try that later.
CC: (none) => tarazed25
Continuing from comment 3. Added a bluetooth printer successfully and printed a test page. Note to self: Sometime the Mageia wiki should be updated to reflect bluetooth support. For the moment: When adding a bluetooth cups printer via mcc -> hardware choose URI in search mode and specify bluetooth://<MAC address>/spp as the URI. 'hcitool scan' should return the MAC address if the printer is discoverable. Remove the colons : from the string when typing the URI. $ hcitool scan Scanning ... 30:8D:99:E7:87:F9 OJL411MY573F10P4 OJL411MY573F10P4 is the vendor identification for the HP Officejet 100 used here. The URI would be 'bluetooth://308d99e787f9/spp' In my case the CUPS identification for the printer is deneb. $ lpr -Pdeneb report printed a text file using the default Courier font. This confirms that the update is OK for 64 bits.
Whiteboard: (none) => MGA5-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0414.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED