Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. (CVE-2020-15238) While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands.
from Ubuntu Security Notices https://ift.tt/3jQ7dzB
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.