Description
Security update for bluez
This update for bluez fixes the following issues:
Security vulnerabilities addressed:
- CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708).
- CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712).
- CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171).
- CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893).
- CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173).
Package list
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP4
References
- Link for SUSE-SU-2019:1339-1
- E-Mail link for SUSE-SU-2019:1339-1
- SUSE Security Ratings
- SUSE Bug 1013708
- SUSE Bug 1013712
- SUSE Bug 1013893
- SUSE Bug 1015171
- SUSE Bug 1015173
- SUSE CVE CVE-2016-9797 page
- SUSE CVE CVE-2016-9798 page
- SUSE CVE CVE-2016-9802 page
- SUSE CVE CVE-2016-9917 page
- SUSE CVE CVE-2016-9918 page
Description
In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Affected products
References
- CVE-2016-9797
- SUSE Bug 1013708
- SUSE Bug 1013712
Description
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Affected products
References
- CVE-2016-9798
- SUSE Bug 1013708
- SUSE Bug 1013712
- SUSE Bug 1013732
Description
In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
Affected products
References
- CVE-2016-9802
- SUSE Bug 1013893
- SUSE Bug 1015173
Description
In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Affected products
References
- CVE-2016-9917
- SUSE Bug 1015171
Description
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.
Affected products
References
- CVE-2016-9918
- SUSE Bug 1013893
- SUSE Bug 1015173