Skip to navigation

Security Advisory Moderate: bluez-utils security update

Advisory: RHSA-2007:0065-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-14
Last updated on: 2007-05-14
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-6899

Details

Updated bluez-utils packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth HID
daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
IA-64:
bluez-utils-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: ba34fe7467efcb74df5896e42261cfb9
bluez-utils-cups-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 864af7581f08ad15f6cbd9961fb53880
 
PPC:
bluez-utils-2.10-2.2.ppc.rpm
File outdated by:  RHBA-2009:0024
    MD5: d7a59edfaeb01d98ec4643958c8c5cdd
bluez-utils-cups-2.10-2.2.ppc.rpm
File outdated by:  RHBA-2009:0024
    MD5: 24b8e2e784629942997068f591dca695
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm     MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm     MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
IA-64:
bluez-utils-2.10-2.2.ia64.rpm     MD5: ba34fe7467efcb74df5896e42261cfb9
bluez-utils-cups-2.10-2.2.ia64.rpm     MD5: 864af7581f08ad15f6cbd9961fb53880
 
PPC:
bluez-utils-2.10-2.2.ppc.rpm     MD5: d7a59edfaeb01d98ec4643958c8c5cdd
bluez-utils-cups-2.10-2.2.ppc.rpm     MD5: 24b8e2e784629942997068f591dca695
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm     MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm     MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
IA-64:
bluez-utils-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: ba34fe7467efcb74df5896e42261cfb9
bluez-utils-cups-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 864af7581f08ad15f6cbd9961fb53880
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm     MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm     MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
IA-64:
bluez-utils-2.10-2.2.ia64.rpm     MD5: ba34fe7467efcb74df5896e42261cfb9
bluez-utils-cups-2.10-2.2.ia64.rpm     MD5: 864af7581f08ad15f6cbd9961fb53880
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm     MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm     MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
bluez-utils-2.10-2.2.src.rpm
File outdated by:  RHBA-2009:0024
    MD5: f7a4d82ed172f4984e8e1abecf723eab
 
IA-32:
bluez-utils-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 818e3b413b31f4fc68e6388dc3feca16
bluez-utils-cups-2.10-2.2.i386.rpm
File outdated by:  RHBA-2009:0024
    MD5: 8ab01e39c64083f86da77b56f1b9ed9c
 
IA-64:
bluez-utils-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: ba34fe7467efcb74df5896e42261cfb9
bluez-utils-cups-2.10-2.2.ia64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 864af7581f08ad15f6cbd9961fb53880
 
x86_64:
bluez-utils-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 230bdc2688fb568dd6402d7728c40cb4
bluez-utils-cups-2.10-2.2.x86_64.rpm
File outdated by:  RHBA-2009:0024
    MD5: 2c83d5d0ff12b0d627f609e75586fac4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

227014 - CVE-2006-6899 Bluetooth HID key events injection flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/