| Description: | Updated bluez-libs and bluez-utils packages that fix a security flaw arenow available for Red Hat Enterprise Linux 4 and 5.This update has been rated as having moderate security impact by the RedHat Security Response Team.The bluez-libs package contains libraries for use in Bluetoothapplications. The bluez-utils package contains Bluetooth daemons and utilities.An input validation flaw was found in the Bluetooth Session DescriptionProtocol (SDP) packet parser used by the Bluez Bluetooth utilities. ABluetooth device with an already-established trust relationship, or a localuser registering a service record via a UNIX reg; socket or D-Bus interface,could cause a crash, or possibly execute arbitrary code with privileges ofthe hcid daemon. (CVE-2008-2374)Users of bluez-libs and bluez-utils are advised to upgrade to these updatedpackages, which contains a backported patch to correct this issue. |