Описание
Security update for bluez
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array.(bsc#1026652)
- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).
- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732)
- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).
- CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173)
- CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
Ссылки
- Link for SUSE-SU-2019:0510-1
- E-Mail link for SUSE-SU-2019:0510-1
- SUSE Security Ratings
- SUSE Bug 1013721
- SUSE Bug 1013732
- SUSE Bug 1013877
- SUSE Bug 1015173
- SUSE Bug 1026652
- SUSE Bug 1057342
- SUSE CVE CVE-2016-7837 page
- SUSE CVE CVE-2016-9800 page
- SUSE CVE CVE-2016-9801 page
- SUSE CVE CVE-2016-9804 page
- SUSE CVE CVE-2016-9918 page
- SUSE CVE CVE-2017-1000250 page
Описание
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Затронутые продукты
Ссылки
- CVE-2016-7837
- SUSE Bug 1026652
Описание
In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.
Затронутые продукты
Ссылки
- CVE-2016-9800
- SUSE Bug 1013721
Описание
In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.
Затронутые продукты
Ссылки
- CVE-2016-9801
- SUSE Bug 1013732
Описание
In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Затронутые продукты
Ссылки
- CVE-2016-9804
- SUSE Bug 1013877
Описание
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
Затронутые продукты
Ссылки
- CVE-2016-9918
- SUSE Bug 1013893
- SUSE Bug 1015173
Описание
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
Затронутые продукты
Ссылки
- CVE-2017-1000250
- SUSE Bug 1057342