Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags (bsc#1186463).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP3
bluez-5.55-3.3.1
libbluetooth3-5.55-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
bluez-devel-5.55-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3
bluez-cups-5.55-3.3.1
Ссылки
- Link for SUSE-SU-2021:2291-1
- E-Mail link for SUSE-SU-2021:2291-1
- SUSE Security Ratings
- SUSE Bug 1186463
- SUSE CVE CVE-2020-26558 page
- SUSE CVE CVE-2021-0129 page
Описание
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-5.55-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libbluetooth3-5.55-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:bluez-devel-5.55-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3:bluez-cups-5.55-3.3.1
Ссылки
- CVE-2020-26558
- SUSE Bug 1179610
- SUSE Bug 1186463
Описание
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-5.55-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libbluetooth3-5.55-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:bluez-devel-5.55-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3:bluez-cups-5.55-3.3.1
Ссылки
- CVE-2021-0129
- SUSE Bug 1186463