Описание
Security update for bluez
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721)
- CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
bluez-5.13-5.7.1
bluez-cups-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP4
bluez-5.13-5.7.1
bluez-cups-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Server 12 SP3
bluez-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Server 12 SP4
bluez-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
bluez-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
bluez-5.13-5.7.1
libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Software Development Kit 12 SP3
bluez-devel-5.13-5.7.1
SUSE Linux Enterprise Software Development Kit 12 SP4
bluez-devel-5.13-5.7.1
SUSE Linux Enterprise Workstation Extension 12 SP3
bluez-cups-5.13-5.7.1
SUSE Linux Enterprise Workstation Extension 12 SP4
bluez-cups-5.13-5.7.1
Ссылки
- Link for SUSE-SU-2018:4188-1
- E-Mail link for SUSE-SU-2018:4188-1
- SUSE Security Ratings
- SUSE Bug 1013721
- SUSE Bug 1013732
- SUSE CVE CVE-2016-9800 page
- SUSE CVE CVE-2016-9801 page
Описание
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP4:bluez-5.13-5.7.1
Ссылки
- CVE-2016-9800
- SUSE Bug 1013721
Описание
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.7.1
SUSE Linux Enterprise Desktop 12 SP4:bluez-5.13-5.7.1
Ссылки
- CVE-2016-9801
- SUSE Bug 1013732