Updated bluez-utils packages that fix a security flaw are now available for
CentOS Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The bluez-utils package contains Bluetooth daemons and utilities.
A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization. (CVE-2006-6899)
Note that CentOS Linux does not come with the Bluetooth HID
daemon enabled by default.
Users of bluez-utils are advised to upgrade to these updated packages, which
contains a backported patch to correct this issue.