Univention Bugzilla – Bug 53637
bluez: Multiple issues (5.0)
Last modified: 2021-08-11 16:37:28 CEST
New Debian bluez 5.50-1.2~deb10u2 fixes:

This update addresses the following issues:
* Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558)
* double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE (CVE-2020-27153)
* Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
--- mirror/ftp/pool/main/b/bluez/bluez_5.50-1.2~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/bluez_5.50-1.2~deb10u2.dsc @@ -1,3 +1,10 @@ +5.50-1.2~deb10u2 [Wed, 04 Aug 2021 21:18:19 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * shared/att: Fix possible crash on disconnect (CVE-2020-27153) + * shared/gatt-server: Fix not properly checking for secure flags + (CVE-2020-26558, CVE-2021-0129) (Closes: #989614) + 5.50-1.2~deb10u1 [Sun, 22 Mar 2020 10:55:38 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-0/#5783600677328316779>
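Review bot: The added changelog line "+ (CVE-2020-26558, CVE-2021-0129) (Closes: #989614)" credits both CVEs to the single shared/gatt-server secure-flags change, while the erratum summary lists CVE-2020-26558 as a Passkey Entry impersonation issue and CVE-2021-0129 as improper access control. The erratum text should say that both are addressed by that one gatt-server check, so readers do not look for a separate pairing-protocol change in this upload. This comparison covers only the changelog, so the code changes behind the two entries cannot be checked from it.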
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-0] caefb59729 Bug #53637: bluez 5.50-1.2~deb10u2
 doc/errata/staging/bluez.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-0] dd990c37a2 Bug #53637: bluez 5.50-1.2~deb10u2
 doc/errata/staging/bluez.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x66>