Univention Bugzilla – Bug 51037
bluez: Multiple issues (4.4)
Last modified: 2020-04-02 14:47:52 CEST
New Debian bluez 5.43-2+deb9u2 fixes:
This update addresses the following issue:
* Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bluez_5.43-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/bluez_5.43-2+deb9u2.dsc @@ -1,3 +1,12 @@ +5.43-2+deb9u2 [Sun, 22 Mar 2020 10:42:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770) + - HOGP must only accept data from bonded devices + - HID accepts bonded device connections only + * input: hog: Attempt to set security level if not bonded + * input: Add LEAutoSecurity setting to input.conf + 5.43-2+deb9u1 [Wed, 13 Sep 2017 09:16:27 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-4/#7073470715225658244>
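Review bot: The added entry "input: Add LEAutoSecurity setting to input.conf" introduces a new configuration setting without stating its default value or what it controls, so an administrator reading this changelog cannot tell whether input.conf needs attention after the update. The entries "HOGP must only accept data from bonded devices" and "HID accepts bonded device connections only" are also a behaviour change: input devices that previously connected without bonding fall outside what is now accepted. I would ask for the erratum text to state the default of LEAutoSecurity and to note that unbonded HID/HOGP devices need to be bonded (paired) after this update.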
OK: piuparts
OK: debdiff, dchdiff, dscdiff
OK: yaml
OK: no patch required
Verified
<http://errata.software-univention.de/ucs/4.4/500.html>