ALT-PU-2021-4542-1
Package bluez updated to version 5.62-alt2 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-05703
Vulnerability in the BlueZ Bluetooth technology stack for Linux, related to improper authorization, allowing an attacker to gain access to confidential data
BDU:2022-06043
Vulnerability in the sdp_cstate_alloc_buf function of the BlueZ Bluetooth technology stack for Linux, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2021-3658
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
- https://bugzilla.redhat.com/show_bug.cgi?id=1984728
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
- https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055
- https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89
- https://security.netapp.com/advisory/ntap-20220407-0002/
Modified: 2024-11-21
CVE-2021-41229
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
- https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
- [debian-lts-announce] 20211127 [SECURITY] [DLA 2827-1] bluez security update
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
- https://security.netapp.com/advisory/ntap-20211203-0004/
Modified: 2024-11-21
CVE-2022-39176
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
- https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
- https://security.netapp.com/advisory/ntap-20221020-0002/
- https://ubuntu.com/security/notices/USN-5481-1
Modified: 2024-11-21
CVE-2022-39177
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
- https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968
- [debian-lts-announce] 20221024 [SECURITY] [DLA 3157-1] bluez security update
- https://security.netapp.com/advisory/ntap-20221020-0002/
- https://ubuntu.com/security/notices/USN-5481-1
Closed bugs
Requires /bin/systemctl