USN-4605-1: Blueman vulnerability

Publication date

27 October 2020

Overview

Blueman could be made to run programs if it received specially crafted input.


Packages

  • blueman - Graphical bluetooth manager

Details

Vaisha Bernard discovered that blueman did not properly sanitize input on
the D-Bus interface to blueman-mechanism. A local attacker could possibly
use this issue to escalate privileges and run arbitrary code or cause a
denial of service. (CVE-2020-15238)

Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package   Version
20.10 groovy     blueman   2.1.3-2ubuntu1
20.04 focal      blueman   2.1.2-1ubuntu0.1
18.04 bionic     blueman   2.0.5-1ubuntu1.1
16.04 xenial     blueman   2.0.4-1ubuntu2.1
