Wind River Support Network

HomeDefectsLIN6-13699
Fixed

LIN6-13699 : Security Advisory - bluez - CVE-2017-1000250

Created: Sep 14, 2017    Updated: Dec 3, 2018
Resolved Date: Oct 15, 2017
Found In Version: 6.0.0.34
Fix Version: 6.0.0.35
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

https://nvd.nist.gov/vuln/detail/CVE-2017-1000250

The fix:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09

Other Downloads


Live chat
Online