Advisories » MGASA-2020-0402

Updated blueman packages fixes a security vulnerability

Publication date: 08 Nov 2020
Modification date: 08 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15238

Description

Vaisha Bernard discovered that blueman did not properly sanitize input on the
D-Bus interface to blueman-mechanism. A local attacker could possibly use this
issue to escalate privileges and run arbitrary code or cause a denial of
service (CVE-2020-15238).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27485
• https://ubuntu.com/security/notices/USN-4605-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238

SRPMS

7/core

• blueman-2.1.4-1.mga7