Red Hat Product Errata RHSA-2007:0065 - Security Advisory

Issued:: 2007-05-14
Updated:: 2007-05-14

RHSA-2007:0065 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: bluez-utils security update

Type/Severity

Security Advisory: Moderate

Topic

Updated bluez-utils packages that fix a security flaw are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth HID
daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages, which
contains a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 227014 - CVE-2006-6899 Bluetooth HID key events injection flaw

CVEs

CVE-2006-6899

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm	SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-2.10-2.2.ia64.rpm	SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm	SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
bluez-utils-cups-2.10-2.2.ia64.rpm	SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm	SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-2.10-2.2.ia64.rpm	SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm	SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
bluez-utils-cups-2.10-2.2.ia64.rpm	SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux Workstation 4

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
ia64
bluez-utils-2.10-2.2.ia64.rpm	SHA-256: 90054329d35769843f0cd657b34fd65d9170b1ffe4d33e6bf49fcf095d4930c5
bluez-utils-cups-2.10-2.2.ia64.rpm	SHA-256: 0b3b900c728fbd2702b648e4b9f462d49bd79069c735b74211119634d5290fa3
i386
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux Desktop 4

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
x86_64
bluez-utils-2.10-2.2.x86_64.rpm	SHA-256: fda7e7c1b25fd80d289a5270d3548667b51f70f3d4946e7a1a9653f8ff2c8c70
bluez-utils-cups-2.10-2.2.x86_64.rpm	SHA-256: e87b514e766fd7512dc590d63ee88b4b915c497800bdb748c40a54203b2a2935
i386
bluez-utils-2.10-2.2.i386.rpm	SHA-256: 38cca17445afd5900417336ec9d332e45bfa9cf1559f5f82ab60c277554bbc66
bluez-utils-cups-2.10-2.2.i386.rpm	SHA-256: f1207a812280b367f35c698aa2f546addbf6f510e2719aead11d3c8001bbfebe

Red Hat Enterprise Linux for Power, big endian 4

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
ppc
bluez-utils-2.10-2.2.ppc.rpm	SHA-256: 1934926bc0b0490b8005f38cbe78d42be1772bcbffe6daecbd2e3e44bd0ad61a
bluez-utils-cups-2.10-2.2.ppc.rpm	SHA-256: 4b6cdef5a05f1c1dd927dc29901f7cb3953b8c0472f4224b2a4e64d4b6b4bf86

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
bluez-utils-2.10-2.2.src.rpm	SHA-256: a1ff6f797406d42e0b047e0ef08c02692a7e0a9821758f97392dd80c3206928e
ppc
bluez-utils-2.10-2.2.ppc.rpm	SHA-256: 1934926bc0b0490b8005f38cbe78d42be1772bcbffe6daecbd2e3e44bd0ad61a
bluez-utils-cups-2.10-2.2.ppc.rpm	SHA-256: 4b6cdef5a05f1c1dd927dc29901f7cb3953b8c0472f4224b2a4e64d4b6b4bf86

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories