Red Hat Product Errata RHSA-2007:0065 - Security Advisory
Issued:
2007-05-14
Updated:
2007-05-14

RHSA-2007:0065 - Security Advisory

Synopsis

Moderate: bluez-utils security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated bluez-utils packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth HID
daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

  • BZ - 227014 - CVE-2006-6899 Bluetooth HID key events injection flaw

Red Hat Enterprise Linux Server 4

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-2.10-2.2.ia64.rpm SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
bluez-utils-cups-2.10-2.2.ia64.rpm SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-2.10-2.2.ia64.rpm SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
bluez-utils-cups-2.10-2.2.ia64.rpm SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux Workstation 4

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux Desktop 4

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
i386
bluez-utils-2.10-2.2.i386.rpm SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux for Power, big endian 4

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
ppc
bluez-utils-2.10-2.2.ppc.rpm SHA-256: 1934926bc0b0490b8005f38cbe78d42be1772bcbffe6daecbd2e3e44bd0ad61a
bluez-utils-cups-2.10-2.2.ppc.rpm SHA-256: 4b6cdef5a05f1c1dd927dc29901f7cb3953b8c0472f4224b2a4e64d4b6b4bf86

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
bluez-utils-2.10-2.2.src.rpm SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
ppc
bluez-utils-2.10-2.2.ppc.rpm SHA-256: 1934926bc0b0490b8005f38cbe78d42be1772bcbffe6daecbd2e3e44bd0ad61a
bluez-utils-cups-2.10-2.2.ppc.rpm SHA-256: 4b6cdef5a05f1c1dd927dc29901f7cb3953b8c0472f4224b2a4e64d4b6b4bf86

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.