Univention Bugzilla – Bug 51039
bluez: Multiple issues (4.3)
Last modified: 2020-04-02 15:09:04 CEST
New Debian bluez 5.43-2+deb9u2 fixes: This update addresses the following issue: * Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/bluez_5.43-2+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/bluez_5.43-2+deb9u2.dsc @@ -1,3 +1,12 @@ +5.43-2+deb9u2 [Sun, 22 Mar 2020 10:42:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770) + - HOGP must only accept data from bonded devices + - HID accepts bonded device connections only + * input: hog: Attempt to set security level if not bonded + * input: Add LEAutoSecurity setting to input.conf + 5.43-2+deb9u1 [Wed, 13 Sep 2017 09:16:27 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.3-5/#7073470715225658244>
OK: piuparts OK: debdiff, dchdiff, dscdiff OK: yaml OK: no patch required Verified
<http://errata.software-univention.de/ucs/4.3/662.html>