ELSA-2022-2081

Опубликовано: 17 мая 2022

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2022-2081: bluez security update (LOW)

[5.56-3]

bluez-5.56-3

Fixing (#2027434)
Fixing CVE-2021-41229

[5.56-2]

bluez-5.56-2

Fixing (#1968392)
Removing bccmd check from tests

[5.56-1]

bluez-5.56-1

Fixing (#1965057)
Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bluez

5.56-3.el8

bluez-cups

5.56-3.el8

bluez-hid2hci

5.56-3.el8

bluez-libs

5.56-3.el8

bluez-libs-devel

5.56-3.el8

bluez-obexd

5.56-3.el8

Oracle Linux x86_64

bluez

5.56-3.el8

bluez-cups

5.56-3.el8

bluez-hid2hci

5.56-3.el8

bluez-libs

5.56-3.el8

bluez-libs-devel

5.56-3.el8

bluez-obexd

5.56-3.el8

Связанные CVE

CVE-2021-41229

Ссылки на источники

Связанные уязвимости

CVE-2021-41229

CVSS3: 4.3

ubuntu

больше 3 лет назад

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.