Security Advisory Moderate: bluez-libs and bluez-utils security update

Advisory: RHSA-2008:0581-5
Type: Security Advisory
Severity: Moderate
Issued on: 2008-07-14
Last updated on: 2008-07-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080581.xml
CVEs (cve.mitre.org): CVE-2008-2374

Details

Updated bluez-libs and bluez-utils packages that fix a security flaw are
now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the BlueZ Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX® socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with the privileges
of the hcid daemon. (CVE-2008-2374)

Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
bluez-libs-devel-3.7-1.1.i386.rpm     ca6ab077d1be4ce3f7eb55c42df4dadc
 
x86_64:
bluez-libs-devel-3.7-1.1.i386.rpm     ca6ab077d1be4ce3f7eb55c42df4dadc
bluez-libs-devel-3.7-1.1.x86_64.rpm     0da28688b03f8a2b9c34511085531347
 
Red Hat Desktop (v. 4)

SRPMS:
bluez-libs-2.10-3.src.rpm     5ff7f466dfdc4e862bdb5015d667f4d7
bluez-utils-2.10-2.4.src.rpm     9f1e0f9f3b5fb5cc70f37b5a18134ad2
 
IA-32:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-devel-2.10-3.i386.rpm     666b045e815f6659a29f8e53396d6807
bluez-utils-2.10-2.4.i386.rpm     e371c253431c7002b812bbe3d9b09042
bluez-utils-cups-2.10-2.4.i386.rpm     c0d59ed1dab50060eef56d98d628b599
 
x86_64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.x86_64.rpm     dc0c356c2f575b3b85ad803ebab8997c
bluez-libs-devel-2.10-3.x86_64.rpm     afcebda2e0ff12f23c0f4bf9a6e47bfa
bluez-utils-2.10-2.4.x86_64.rpm     2f67a61502cbe2141e2c2caf2e2a26ff
bluez-utils-cups-2.10-2.4.x86_64.rpm     1b239bca9634f33bec4fd6a565d675e1
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
bluez-libs-3.7-1.1.src.rpm     d5a4858f71e8b714f1ae20041e51a7eb
bluez-utils-3.7-2.2.src.rpm     7f074a55756591a4d20652a47cbb72b8
 
IA-32:
bluez-libs-3.7-1.1.i386.rpm     8ca980402a076a61a99ff1432211b4df
bluez-libs-devel-3.7-1.1.i386.rpm     ca6ab077d1be4ce3f7eb55c42df4dadc
bluez-utils-3.7-2.2.i386.rpm     16fa86b282ba9cb0480378d4c9c7da7c
bluez-utils-cups-3.7-2.2.i386.rpm     c811bf1ef65cade412adf9d940a9954e
 
IA-64:
bluez-libs-3.7-1.1.ia64.rpm     bf4d342ff1951cb48964a6009bb087db
bluez-libs-devel-3.7-1.1.ia64.rpm     f9aa7d972b59e4465d72e1ef7df98459
bluez-utils-3.7-2.2.ia64.rpm     792ff7a1cbf4c048b893ac32e8474746
bluez-utils-cups-3.7-2.2.ia64.rpm     e366895f8b9c883a8ccc25440818e614
 
PPC:
bluez-libs-3.7-1.1.ppc.rpm     6e8d3ad123b5c72e8b7476e278aacd4c
bluez-libs-3.7-1.1.ppc64.rpm     20a6d8b8983480ffce26f90abcb1d8ba
bluez-libs-devel-3.7-1.1.ppc.rpm     f1a3424daafddb3c2c75ccaa42cb2a8c
bluez-libs-devel-3.7-1.1.ppc64.rpm     ba8658787579ee7ab466b2285950d51a
bluez-utils-3.7-2.2.ppc.rpm     292138ab8eff0b0aac2e7aa08146b504
bluez-utils-cups-3.7-2.2.ppc.rpm     a879e008d9bb2daef6b765ed8468ce17
 
x86_64:
bluez-libs-3.7-1.1.i386.rpm     8ca980402a076a61a99ff1432211b4df
bluez-libs-3.7-1.1.x86_64.rpm     e5a3a7e578188acbe1c579ce67ba3757
bluez-libs-devel-3.7-1.1.i386.rpm     ca6ab077d1be4ce3f7eb55c42df4dadc
bluez-libs-devel-3.7-1.1.x86_64.rpm     0da28688b03f8a2b9c34511085531347
bluez-utils-3.7-2.2.x86_64.rpm     2fff0ee9e619e16d217d60cbf2bbe34d
bluez-utils-cups-3.7-2.2.x86_64.rpm     8aed1de1e58735e79cc5a3f667f1b485
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
bluez-libs-2.10-3.src.rpm     5ff7f466dfdc4e862bdb5015d667f4d7
bluez-utils-2.10-2.4.src.rpm     9f1e0f9f3b5fb5cc70f37b5a18134ad2
 
IA-32:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-devel-2.10-3.i386.rpm     666b045e815f6659a29f8e53396d6807
bluez-utils-2.10-2.4.i386.rpm     e371c253431c7002b812bbe3d9b09042
bluez-utils-cups-2.10-2.4.i386.rpm     c0d59ed1dab50060eef56d98d628b599
 
IA-64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.ia64.rpm     705f263d09b274d8ac51ff629b218bfe
bluez-libs-devel-2.10-3.ia64.rpm     0947e88669fcf87bbdf53f8ca6b01b3f
bluez-utils-2.10-2.4.ia64.rpm     bd6f5468d5000e5accab1cf95bba081b
bluez-utils-cups-2.10-2.4.ia64.rpm     f3c2208339b7061526feaa5865265b10
 
PPC:
bluez-libs-2.10-3.ppc.rpm     7e55f8ba2251e7aba86919c81e618aeb
bluez-libs-2.10-3.ppc64.rpm     dc4c5918d0d9bac942cdac7df68e514e
bluez-libs-devel-2.10-3.ppc.rpm     d9b9cf01ad93c604e3c3d85cad18adda
bluez-utils-2.10-2.4.ppc.rpm     c617979b73c3564f3083795449683df9
bluez-utils-cups-2.10-2.4.ppc.rpm     5321e0a3ff38669acce15d56dd037164
 
x86_64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.x86_64.rpm     dc0c356c2f575b3b85ad803ebab8997c
bluez-libs-devel-2.10-3.x86_64.rpm     afcebda2e0ff12f23c0f4bf9a6e47bfa
bluez-utils-2.10-2.4.x86_64.rpm     2f67a61502cbe2141e2c2caf2e2a26ff
bluez-utils-cups-2.10-2.4.x86_64.rpm     1b239bca9634f33bec4fd6a565d675e1
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
bluez-libs-3.7-1.1.src.rpm     d5a4858f71e8b714f1ae20041e51a7eb
bluez-utils-3.7-2.2.src.rpm     7f074a55756591a4d20652a47cbb72b8
 
IA-32:
bluez-libs-3.7-1.1.i386.rpm     8ca980402a076a61a99ff1432211b4df
bluez-utils-3.7-2.2.i386.rpm     16fa86b282ba9cb0480378d4c9c7da7c
bluez-utils-cups-3.7-2.2.i386.rpm     c811bf1ef65cade412adf9d940a9954e
 
x86_64:
bluez-libs-3.7-1.1.i386.rpm     8ca980402a076a61a99ff1432211b4df
bluez-libs-3.7-1.1.x86_64.rpm     e5a3a7e578188acbe1c579ce67ba3757
bluez-utils-3.7-2.2.x86_64.rpm     2fff0ee9e619e16d217d60cbf2bbe34d
bluez-utils-cups-3.7-2.2.x86_64.rpm     8aed1de1e58735e79cc5a3f667f1b485
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
bluez-libs-2.10-3.src.rpm     5ff7f466dfdc4e862bdb5015d667f4d7
bluez-utils-2.10-2.4.src.rpm     9f1e0f9f3b5fb5cc70f37b5a18134ad2
 
IA-32:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-devel-2.10-3.i386.rpm     666b045e815f6659a29f8e53396d6807
bluez-utils-2.10-2.4.i386.rpm     e371c253431c7002b812bbe3d9b09042
bluez-utils-cups-2.10-2.4.i386.rpm     c0d59ed1dab50060eef56d98d628b599
 
IA-64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.ia64.rpm     705f263d09b274d8ac51ff629b218bfe
bluez-libs-devel-2.10-3.ia64.rpm     0947e88669fcf87bbdf53f8ca6b01b3f
bluez-utils-2.10-2.4.ia64.rpm     bd6f5468d5000e5accab1cf95bba081b
bluez-utils-cups-2.10-2.4.ia64.rpm     f3c2208339b7061526feaa5865265b10
 
x86_64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.x86_64.rpm     dc0c356c2f575b3b85ad803ebab8997c
bluez-libs-devel-2.10-3.x86_64.rpm     afcebda2e0ff12f23c0f4bf9a6e47bfa
bluez-utils-2.10-2.4.x86_64.rpm     2f67a61502cbe2141e2c2caf2e2a26ff
bluez-utils-cups-2.10-2.4.x86_64.rpm     1b239bca9634f33bec4fd6a565d675e1
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
bluez-libs-2.10-3.src.rpm     5ff7f466dfdc4e862bdb5015d667f4d7
bluez-utils-2.10-2.4.src.rpm     9f1e0f9f3b5fb5cc70f37b5a18134ad2
 
IA-32:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-devel-2.10-3.i386.rpm     666b045e815f6659a29f8e53396d6807
bluez-utils-2.10-2.4.i386.rpm     e371c253431c7002b812bbe3d9b09042
bluez-utils-cups-2.10-2.4.i386.rpm     c0d59ed1dab50060eef56d98d628b599
 
IA-64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.ia64.rpm     705f263d09b274d8ac51ff629b218bfe
bluez-libs-devel-2.10-3.ia64.rpm     0947e88669fcf87bbdf53f8ca6b01b3f
bluez-utils-2.10-2.4.ia64.rpm     bd6f5468d5000e5accab1cf95bba081b
bluez-utils-cups-2.10-2.4.ia64.rpm     f3c2208339b7061526feaa5865265b10
 
x86_64:
bluez-libs-2.10-3.i386.rpm     b62787924de75f6c83f5e5a239948c95
bluez-libs-2.10-3.x86_64.rpm     dc0c356c2f575b3b85ad803ebab8997c
bluez-libs-devel-2.10-3.x86_64.rpm     afcebda2e0ff12f23c0f4bf9a6e47bfa
bluez-utils-2.10-2.4.x86_64.rpm     2f67a61502cbe2141e2c2caf2e2a26ff
bluez-utils-cups-2.10-2.4.x86_64.rpm     1b239bca9634f33bec4fd6a565d675e1
 
(The unlinked packages above are only available from the Red Hat Network)
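
To confirm that the update has actually been applied across a fleet, the following added example (not part of the original advisory) compares collected package versions against the fixed version-release values in the package list above. It assumes the inventory was gathered with something like `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and prefixed with a host name and RHEL major version; the host names and inventory rows are constructed, and the comparison is a simplified form of rpm's ordering that ignores epochs.

```python
import re

# Fixed version-release per (RHEL major, source package), from the package list above.
FIXED = {(4, "bluez-libs"): "2.10-3", (4, "bluez-utils"): "2.10-2.4",
         (5, "bluez-libs"): "3.7-1.1", (5, "bluez-utils"): "3.7-2.2"}
# Subpackages ship with the same version-release as their source package.
SOURCE_OF = {"bluez-libs-devel": "bluez-libs", "bluez-utils-cups": "bluez-utils"}

def vercmp(a, b):
    """Simplified rpm-style compare: numeric segments as integers, not strings."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare two 'version-release' strings (epoch ignored: an assumption)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(inventory):
    """Return (host, package, installed, fixed) for rows older than the fix."""
    findings = []
    for line in inventory.strip().splitlines():
        host, major, name, vr = line.split()
        fixed = FIXED.get((int(major), SOURCE_OF.get(name, name)))
        if fixed and evr_cmp(vr, fixed) < 0:
            findings.append((host, name, vr, fixed))
    return findings

# Constructed sample inventory: "host rhel_major name version-release"
SAMPLE = """
ws01 5 bluez-libs 3.7-1
ws01 5 bluez-utils 3.7-2.2
srv02 4 bluez-utils 2.10-2.2
srv02 4 bluez-libs 2.10-3
srv03 5 bluez-utils-cups 3.7-2
srv03 5 openssh 4.3p2-26
"""

if __name__ == "__main__":
    for finding in unpatched(SAMPLE):
        print("%s: %s %s is older than fixed %s" % finding)
```

Any host reported here still runs an SDP parser without the backported fix for CVE-2008-2374.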

Bugs fixed (see bugzilla for more information)

452715 - CVE-2008-2374 bluez-libs: SDP payload processing vulnerability


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/