A security improvement has been made to blueman.
Software Description:
- blueman: Graphical bluetooth manager
Details:
Vaisha Bernard discovered that blueman did not properly sanitize input
on the d-bus interface to blueman-mechanism. A local attacker could
possibly use this issue to escalate privileges and run arbitrary code or
cause a denial of service. (CVE-2020-15238)
While a previous security update fixed the issue, this update provides
additional improvements by enabling PolicyKit authentication for
privileged commands.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: blueman 2.1.3-2ubuntu1.1 Ubuntu 20.04 LTS: blueman 2.1.2-1ubuntu0.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4605-1
https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287
Get the latest Linux and open source security news straight to your inbox.