[manjaro-security] [arch-security] [ASA-201709-3] bluez: information disclosure
anthraxx at archlinux.org
Wed Sep 13 01:02:53 CEST 2017
Arch Linux Security Advisory ASA-201709-3
Date : 2017-09-12
CVE-ID : CVE-2017-1000250
Package : bluez
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-396
The package bluez before version 5.46-2 is vulnerable to information
Upgrade to 5.46-2.
# pacman -Syu "bluez>=5.46-2"
The problem has been fixed upstream but no release is available yet.
An information-disclosure flaw was found in the bluetoothd
implementation of the Service Discovery Protocol (SDP). A specially
crafted Bluetooth device could, without prior pairing or user
interaction, retrieve portions of the bluetoothd process memory,
including potentially sensitive information such as Bluetooth
A remote attacker is able to use a specially crafted Bluetooth device
to obtain sensitive information such as Bluetooth encryption keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 866 bytes
Desc: OpenPGP digital signature
More information about the manjaro-security