-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  blueman (SSA:2018-213-01)

New blueman packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/blueman-2.0.6-i586-1_slack14.2.txz:  Upgraded.
  This update fixes an issue where blueman-mechanism did not enforce the
  polkit action 'org.blueman.network.setup' for which a polkit policy is
  shipped. This meant that any user with access to the D-Bus system bus was
  able to access the related API without authentication. The result was an
  unspecified impact on the networking stack.
  Thanks to Matthias Gerstner for discovering this issue.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.2:

Updated package for Slackware x86_64 14.2:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 14.2 package:
408e8b08dd6014d6768cfba739940bd5  blueman-2.0.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
4f3ac84da15d5e60b31da00cf91dc756  blueman-2.0.6-x86_64-1_slack14.2.txz

Slackware -current package:
75b9bd804aba2b57cb3202f145c43655  xap/blueman-2.0.6-i586-1.txz

Slackware x86_64 -current package:
e980f38b812ea25bf99bf71597c9e955  xap/blueman-2.0.6-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg blueman-2.0.6-i586-1_slack14.2.txz


+-----+

Slackware: 2018-213-01: blueman Security Update

August 2, 2018
New blueman packages are available for Slackware 14.2 and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/blueman-2.0.6-i586-1_slack14.2.txz: Upgraded. This update fixes an issue where blueman-mechanism did not enforce the polkit action 'org.blueman.network.setup' for which a polkit policy is shipped. This meant that any user with access to the D-Bus system bus was able to access the related API without authentication. The result was an unspecified impact on the networking stack. Thanks to Matthias Gerstner for discovering this issue. (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.2 package: 408e8b08dd6014d6768cfba739940bd5 blueman-2.0.6-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 4f3ac84da15d5e60b31da00cf91dc756 blueman-2.0.6-x86_64-1_slack14.2.txz
Slackware -current package: 75b9bd804aba2b57cb3202f145c43655 xap/blueman-2.0.6-i586-1.txz
Slackware x86_64 -current package: e980f38b812ea25bf99bf71597c9e955 xap/blueman-2.0.6-x86_64-1.txz

Severity
[slackware-security] blueman (SSA:2018-213-01)
New blueman packages are available for Slackware 14.2 and -current to fix a security issue.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg blueman-2.0.6-i586-1_slack14.2.txz

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved