Updated bluez packages fix security vulnerability
Publication date: 21 Sep 2017Modification date: 21 Sep 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000250
Description
An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys (CVE-2017-1000250).
References
SRPMS
6/core
- bluez-5.45-2.1.mga6
5/core
- bluez-5.28-1.1.mga5