Lucene search

DebianDEBIAN:DSA-3972-1:ACF5D

HistorySep 13, 2017 - 11:54 a.m.

[SECURITY] [DSA 3972-1] bluez security update

2017-09-1311:54:03

lists.debian.org

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Debian Security Advisory DSA-3972-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 13, 2017 https://www.debian.org/security/faq

Package : bluez
CVE ID : CVE-2017-1000250
Debian Bug : 875633

An information disclosure vulnerability was discovered in the Service
Discovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to
obtain sensitive information from bluetoothd process memory, including
Bluetooth encryption keys.

For the oldstable distribution (jessie), this problem has been fixed
in version 5.23-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 5.43-2+deb9u1.

We recommend that you upgrade your bluez packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipsbluez-cups< 5.43-2+deb9u1bluez-cups_5.43-2+deb9u1_mips.deb
Debian8mipsellibbluetooth3< 5.23-2+deb8u1libbluetooth3_5.23-2+deb8u1_mipsel.deb
Debian9amd64bluez-test-tools< 5.43-2+deb9u1bluez-test-tools_5.43-2+deb9u1_amd64.deb
Debian8ppc64ellibbluetooth3-dbg< 5.23-2+deb8u1libbluetooth3-dbg_5.23-2+deb8u1_ppc64el.deb
Debian8s390xlibbluetooth3-dbg< 5.23-2+deb8u1libbluetooth3-dbg_5.23-2+deb8u1_s390x.deb
Debian9i386libbluetooth3< 5.43-2+deb9u1libbluetooth3_5.43-2+deb9u1_i386.deb
Debian7amd64bluez-dbg< 4.99-2+deb7u1bluez-dbg_4.99-2+deb7u1_amd64.deb
Debian9s390xbluez-hcidump< 5.43-2+deb9u1bluez-hcidump_5.43-2+deb9u1_s390x.deb
Debian8armelbluez-cups< 5.23-2+deb8u1bluez-cups_5.23-2+deb8u1_armel.deb
Debian7armelbluez-compat< 4.99-2+deb7u1bluez-compat_4.99-2+deb7u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	bluez-cups	< 5.43-2+deb9u1	bluez-cups_5.43-2+deb9u1_mips.deb
Debian	8	mipsel	libbluetooth3	< 5.23-2+deb8u1	libbluetooth3_5.23-2+deb8u1_mipsel.deb
Debian	9	amd64	bluez-test-tools	< 5.43-2+deb9u1	bluez-test-tools_5.43-2+deb9u1_amd64.deb
Debian	8	ppc64el	libbluetooth3-dbg	< 5.23-2+deb8u1	libbluetooth3-dbg_5.23-2+deb8u1_ppc64el.deb
Debian	8	s390x	libbluetooth3-dbg	< 5.23-2+deb8u1	libbluetooth3-dbg_5.23-2+deb8u1_s390x.deb
Debian	9	i386	libbluetooth3	< 5.43-2+deb9u1	libbluetooth3_5.43-2+deb9u1_i386.deb
Debian	7	amd64	bluez-dbg	< 4.99-2+deb7u1	bluez-dbg_4.99-2+deb7u1_amd64.deb
Debian	9	s390x	bluez-hcidump	< 5.43-2+deb9u1	bluez-hcidump_5.43-2+deb9u1_s390x.deb
Debian	8	armel	bluez-cups	< 5.23-2+deb8u1	bluez-cups_5.23-2+deb8u1_armel.deb
Debian	7	armel	bluez-compat	< 4.99-2+deb7u1	bluez-compat_4.99-2+deb7u1_armel.deb