MGASA-2020-0402 - Updated blueman packages fixes a security vulnerability

Publication date: 08 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0402.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-15238

Vaisha Bernard discovered that blueman did not properly sanitize input on the
D-Bus interface to blueman-mechanism. A local attacker could possibly use this
issue to escalate privileges and run arbitrary code or cause a denial of
service (CVE-2020-15238).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27485
- https://ubuntu.com/security/notices/USN-4605-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238

SRPMS:
- 7/core/blueman-2.1.4-1.mga7