Blueman 2.0.6 has been released, fixing a polkit authorization issue: http://openwall.com/lists/oss-security/2018/07/31/3 Mageia 6 may also be affected.
Whiteboard: (none) => MGA6TOO
Reassigning to all packagers collectively, because the maintainer can no longer (at least for now) contribute to Mageia. He asked last month to give his packages to "nobody". Of course we do all hope he'll be back, and that he'll be as well as possible now.
CC: (none) => marja11Assignee: tarakbumba => pkg-bugs
blueman-2.0.6-1.mga7 uploaded to cauldron
Status: NEW => ASSIGNEDAssignee: pkg-bugs => brunoVersion: Cauldron => 6Whiteboard: MGA6TOO => (none)CC: (none) => bruno
blueman-2.0.6-1.mga6 uploaded to mga6
Assignee: bruno => qa-bugs
openSUSE has issued an advisory for this on August 10: https://lists.opensuse.org/opensuse-updates/2018-08/msg00072.html There is more information in the SUSE bug: https://bugzilla.suse.com/1083066
*** Bug 23422 has been marked as a duplicate of this bug. ***
Advisory: ======================== Updated blueman package fixes security vulnerability: Flawed polkit authorization checks in blueman allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authentication (boo#1083066). References: https://lists.opensuse.org/opensuse-updates/2018-08/msg00072.html ======================== Updated packages in core/updates_testing: ======================== blueman-2.0.6-1.mga6 from blueman-2.0.6-1.mga6.src.rpm
Mageia 6, x86_64 Mate, blueman-2.0.4-1.mga6 Bluetooth audio working. $ ps aux | grep blue root 1394 0.0 0.0 29944 4520 ? Ss 07:34 0:00 /usr/libexec/bluetooth/bluetoothd lcl 4930 0.0 0.3 785140 127940 ? Sl 07:34 0:00 python /bin/blueman-applet lcl 5165 0.0 0.0 31724 3368 ? S 07:34 0:00 /usr/libexec/bluetooth/obexd Ran MageiaUpdate. $ rpm -qa | grep blueman blueman-2.0.6-1.mga6 Restarted the bluetooth service. rfkill state was updated. # rfkill list 0: hci0: Bluetooth Soft blocked: no Hard blocked: no Checked bluetooth audio with a wireless speaker. Immediate connection to the device previously used. $ ps aux | grep blue lcl 4930 0.0 0.3 785396 128152 ? Sl 07:34 0:00 python /bin/blueman-applet lcl 5165 0.0 0.0 31724 3368 ? S 07:34 0:00 /usr/libexec/bluetooth/obexd lcl 9223 0.0 0.0 12292 992 pts/5 S+ 08:10 0:00 grep --color blue root 27624 0.0 0.0 29888 4252 ? Ss 08:05 0:00 /usr/libexec/bluetooth/bluetoothd OK for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Validating. Advisory in Comment 6.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0414.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED