Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201601-30 ========================================= Severity: Medium Date : 2016-01-25 CVE-ID : CVE-2015-8612 Package : blueman Type : privilege escalation Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package blueman before version 2.0.3-1 is vulnerable to local privilege escalation. Resolution ========= Upgrade to 2.0.3-1. # pacman -Syu "blueman>=2.0.3-1" The problem has been fixed upstream in version 2.0.3. Workaround ========= None. Description ========== A local privilege escalation vulnerability has been found in the Network::EnableNetwork() method of blueman. An unsanitized string is received over DBUS into the dhcp_handler parameter and passed to eval(), thus allowing arbitrary command execution with the privileges of the user running blueman. Impact ===== A local attacker can use this vulnerability to get root access on the affected host. References ========= https://bugs.archlinux.org/task/47784 https://access.redhat.com/security/cve/CVE-2015-8612 https://github.com/blueman-project/blueman/issues/416 https://github.com/blueman-project/blueman/commit/e3d249391654da3fefe08b5389c2030fff1b12ea