[ASA-201709-3] bluez: information disclosure
Arch Linux Security Advisory ASA-201709-3
=========================================

Severity: High
Date    : 2017-09-12
CVE-ID  : CVE-2017-1000250
Package : bluez
Type    : information disclosure
Remote  : Yes
Link    :

Summary
=======

The package bluez before version 5.46-2 is vulnerable to information
disclosure.

Resolution
==========

Upgrade to 5.46-2.

# pacman -Syu "bluez>=5.46-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

An information-disclosure flaw was found in the bluetoothd
implementation of the Service Discovery Protocol (SDP). A specially
crafted Bluetooth device could, without prior pairing or user
interaction, retrieve portions of the bluetoothd process memory,
including potentially sensitive information such as Bluetooth
encryption keys.

Impact
======

A remote attacker is able to use a specially crafted Bluetooth device to
obtain sensitive information such as Bluetooth encryption keys.

References
==========