Univention Bugzilla – Bug 53520
bluez: Multiple issues (4.4)
Last modified: 2021-06-30 18:34:05 CEST
New Debian bluez 5.43-2+deb9u4 fixes:

This update addresses the following issues:
* Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558)
* Improper access control in BlueZ may allow information disclosure (CVE-2021-0129)
--- mirror/ftp/4.4/unmaintained/4.4-7/source/bluez_5.43-2+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/bluez_5.43-2+deb9u4.dsc @@ -1,3 +1,12 @@ +5.43-2+deb9u4 [Tue, 22 Jun 2021 18:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * updated kernel package needed as well! + * CVE-2020-26558 + avoid man-in-the-middle attack during secure pairing + * CVE-2021-0129 + avoid information disclosure due to improper access control + 5.43-2+deb9u3 [Wed, 21 Oct 2020 16:43:00 +0100] Chris Lamb <lamby@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#7073470715223493194>
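Review bot: the new 5.43-2+deb9u4 changelog entry says "updated kernel package needed as well!" but names neither the kernel package nor a minimum version, so a host that installs only this bluez update cannot tell whether the CVE-2020-26558 fix is complete. The erratum text in doc/errata/staging/bluez.yaml should state that dependency explicitly and reference the bug or erratum that ships the matching kernel, so the two updates are rolled out together.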
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 920b17bc26 Bug #53520: bluez 5.43-2+deb9u4
 doc/errata/staging/bluez.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x996>