Ubuntu Security Notice USN-256-1
21st February, 2006
bluez-hcidump vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
Pierre Betouin discovered a Denial of Service vulnerability in the
handling of the L2CAP (Logical Link Control and Adaptation Layer
Protocol) layer. By sending a specially crafted L2CAP packet through a
wireless Bluetooth connection, a remote attacker could crash hcidump.
Since hcidump is mainly a debugging tool, the impact of this flaw is
very low.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- bluez-hcidump
- Ubuntu 5.04:
- bluez-hcidump
- Ubuntu 4.10:
- bluez-hcidump
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None