Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2020-27153: Fixed crash on disconnect (bsc#1177895).
- CVE-2020-0556: Fixed potential escalation of privilege and denial of service via adjacent access, caused by improper access control (bsc#1166751).
Список пакетов
Container suse/sles/15.2/virt-launcher:0.38.1
libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
bluez-5.48-13.3.1
libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
bluez-devel-5.48-13.3.1
SUSE Linux Enterprise Workstation Extension 15 SP2
bluez-cups-5.48-13.3.1
Ссылки
- Link for SUSE-SU-2020:3034-1
- E-Mail link for SUSE-SU-2020:3034-1
- SUSE Security Ratings
- SUSE Bug 1166751
- SUSE Bug 1177895
- SUSE CVE CVE-2020-0556 page
- SUSE CVE CVE-2020-27153 page
Описание
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
Затронутые продукты
Container suse/sles/15.2/virt-launcher:0.38.1:libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:bluez-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:bluez-devel-5.48-13.3.1
Ссылки
- CVE-2020-0556
- SUSE Bug 1166751
Описание
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
Затронутые продукты
Container suse/sles/15.2/virt-launcher:0.38.1:libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:bluez-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libbluetooth3-5.48-13.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:bluez-devel-5.48-13.3.1
Ссылки
- CVE-2020-27153
- SUSE Bug 1177895