Univention Bugzilla – Bug 54168
bluez: Multiple issues (4.4)
Last modified: 2021-12-01 16:07:21 CET
New Debian bluez 5.43-2+deb9u5 fixes: This update addresses the following issues: * bluez (CVE-2019-8921) * bluez (CVE-2019-8922) * memory leak in the SDP protocol (CVE-2021-41229)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/bluez_5.43-2+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/bluez_5.43-2+deb9u5.dsc @@ -1,3 +1,24 @@ +5.43-2+deb9u5 [Fri, 26 Nov 2021 19:05:30 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2017-1000250: replace RedHat's early patch with upstream's, so as + to minimize conflicts with new CVE fixes + * CVE-2019-8921: SDP infoleak, the vulnerability lies in the handling of + a SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a + malicious CSTATE, it is possible to trick the server into returning + more bytes than the buffer actually holds, resulting in leaking + arbitrary heap data. + * CVE-2019-8922: SDP Heap Overflow; this vulnerability lies in the SDP + protocol handling of attribute requests as well. By requesting a huge + number of attributes at the same time, an attacker can overflow the + static buffer provided to hold the response. + * CVE-2021-41229: sdp_cstate_alloc_buf allocates memory which will + always be hung in the singly linked list of cstates and will not be + freed. This will cause a memory leak over time. The data can be a very + large object, which can be caused by an attacker continuously sending + sdp packets and this may cause the service of the target device to + crash. + 5.43-2+deb9u4 [Tue, 22 Jun 2021 18:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-8/#7073470715222410669>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 72d4162e87 Bug #54168: bluez 5.43-2+deb9u5 doc/errata/staging/bluez.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) [4.4-8] c8b74296a6 Bug #54168: bluez 5.43-2+deb9u5 doc/errata/staging/bluez.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1112>