Virtuozzo 6 : bluez / bluez-alsa / bluez-compat / bluez-cups / etc (VZLSA-2017-2685)
Low Nessus Plugin ID 119224
SynopsisThe remote Virtuozzo host is missing a security update.
DescriptionAn update for bluez is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The bluez packages contain the following utilities for use in
Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd,
l2ping, start scripts (Red Hat), and pcmcia configuration files.
Security Fix(es) :
* An information-disclosure flaw was found in the bluetoothd
implementation of the Service Discovery Protocol (SDP). A specially
crafted Bluetooth device could, without prior pairing or user
interaction, retrieve portions of the bluetoothd process memory,
including potentially sensitive information such as Bluetooth
encryption keys. (CVE-2017-1000250)
Red Hat would like to thank Armis Labs for reporting this issue.
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.
SolutionUpdate the affected bluez / bluez-alsa / bluez-compat / bluez-cups / etc package.