Oval Definition: oval:com.redhat.rhsa:def:20172685
Revision Date: 2017-09-12
Version: 638
Title: RHSA-2017:2685: bluez security update (Moderate)
Description: The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.

Security Fix(es):

  • An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys. (CVE-2017-1000250)

    Red Hat would like to thank Armis Labs for reporting this issue.

Family: unix
Class: patch
Status:
Reference(s): CVE-2017-1000250, RHSA-2017:2685, RHSA-2017:2685-00, RHSA-2017:2685-01
Platform(s): Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7
Product(s):

Definition Synopsis

  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • bluez is earlier than 0:4.66-2.el6_9
  • AND bluez is signed with Red Hat redhatrelease2 key
  • bluez-alsa is earlier than 0:4.66-2.el6_9
  • AND bluez-alsa is signed with Red Hat redhatrelease2 key
  • bluez-compat is earlier than 0:4.66-2.el6_9
  • AND bluez-compat is signed with Red Hat redhatrelease2 key
  • bluez-cups is earlier than 0:4.66-2.el6_9
  • AND bluez-cups is signed with Red Hat redhatrelease2 key
  • bluez-gstreamer is earlier than 0:4.66-2.el6_9
  • AND bluez-gstreamer is signed with Red Hat redhatrelease2 key
  • bluez-libs is earlier than 0:4.66-2.el6_9
  • AND bluez-libs is signed with Red Hat redhatrelease2 key
  • bluez-libs-devel is earlier than 0:4.66-2.el6_9
  • AND bluez-libs-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • bluez is earlier than 0:5.44-4.el7_4
  • AND bluez is signed with Red Hat redhatrelease2 key
  • bluez-cups is earlier than 0:5.44-4.el7_4
  • AND bluez-cups is signed with Red Hat redhatrelease2 key
  • bluez-hid2hci is earlier than 0:5.44-4.el7_4
  • AND bluez-hid2hci is signed with Red Hat redhatrelease2 key
  • bluez-libs is earlier than 0:5.44-4.el7_4
  • AND bluez-libs is signed with Red Hat redhatrelease2 key
  • bluez-libs-devel is earlier than 0:5.44-4.el7_4
  • AND bluez-libs-devel is signed with Red Hat redhatrelease2 key