Impact
Information disclosure - a user can discover arbitrary files and directories.
Patches
The issue got fixed in blueman 2.2.4.
Workarounds
Remove blueman/plugins/mechanism/Ppp.py from the Python site-packages path. This means that the PPPSupport plugin will not work anymore, but connecting to dialup network services is still supported via the NMDUNSupport module.
For more information
If you have any questions or comments about this advisory:
jobaror Analyst
Impact
Information disclosure - a user can discover arbitrary files and directories.
Patches
The issue got fixed in blueman 2.2.4.
Workarounds
Remove
blueman/plugins/mechanism/Ppp.pyfrom the Python site-packages path. This means that thePPPSupportplugin will not work anymore, but connecting to dialup network services is still supported via theNMDUNSupportmodule.For more information
If you have any questions or comments about this advisory: