Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] bluez (SSA:2017-258-01)
Date: Fri, 15 Sep 2017 13:16:56 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  bluez (SSA:2017-258-01)

New bluez packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bluez-5.47-i586-1_slack14.2.txz:  Upgraded.
  Fixed an information disclosure vulnerability which allows remote attackers
  to obtain sensitive information from the bluetoothd process memory. This
  vulnerability lies in the processing of SDP search attribute requests.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bluez-4.64-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bluez-4.64-x86_64-2_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bluez-4.91-i486-2_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bluez-4.91-x86_64-2_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bluez-4.99-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bluez-4.99-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bluez-4.99-i486-4_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bluez-4.99-x86_64-4_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bluez-5.47-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bluez-5.47-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bluez-5.47-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bluez-5.47-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 13.1 package:
c34a144a27aecf012ae0f6d4e9d23ec7  bluez-4.64-i486-2_slack13.1.txz

Slackware x86_64 13.1 package:
00fdad5615839cb6846780890ecd473d  bluez-4.64-x86_64-2_slack13.1.txz

Slackware 13.37 package:
0b24842a0c3e6b19bdd45705a155f82f  bluez-4.91-i486-2_slack13.37.txz

Slackware x86_64 13.37 package:
01ec2415e62f36ba954ad18316089963  bluez-4.91-x86_64-2_slack13.37.txz

Slackware 14.0 package:
eadceb46961b159ea4580c65f37e1bb3  bluez-4.99-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
7a8c9f38fbfca7c8dd35997dbe1e6da2  bluez-4.99-x86_64-3_slack14.0.txz

Slackware 14.1 package:
51a0d2992312419dfcdce2335635d613  bluez-4.99-i486-4_slack14.1.txz

Slackware x86_64 14.1 package:
9b1016510c7292343e81263bee3f6710  bluez-4.99-x86_64-4_slack14.1.txz

Slackware 14.2 package:
7ee07b8ee57a8272703bcc706d148d75  bluez-5.47-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
0a28a8a20122ee46d3ebeb68450d139d  bluez-5.47-x86_64-1_slack14.2.txz

Slackware -current package:
230c704d9f97690c8eee0bb32aed2c50  n/bluez-5.47-i586-1.txz

Slackware x86_64 -current package:
2d4d0f25675d824f445c0fbd74c453ee  n/bluez-5.47-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bluez-5.47-i586-1_slack14.2.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlm8ESoACgkQakRjwEAQIjO44gCdHrmnMavTatSV6bsNF7A0B/r3
0sEAn3VxcT+P8bibtAp76xDc0vlFRUih
=bwLT
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.