Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394).
- CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP3
bluez-5.55-150300.3.14.1
bluez-deprecated-5.55-150300.3.14.1
libbluetooth3-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
bluez-devel-5.55-150300.3.14.1
SUSE Linux Enterprise Workstation Extension 15 SP3
bluez-cups-5.55-150300.3.14.1
openSUSE Leap 15.3
bluez-5.55-150300.3.14.1
bluez-auto-enable-devices-5.55-150300.3.14.1
bluez-cups-5.55-150300.3.14.1
bluez-deprecated-5.55-150300.3.14.1
bluez-devel-5.55-150300.3.14.1
bluez-devel-32bit-5.55-150300.3.14.1
bluez-test-5.55-150300.3.14.1
libbluetooth3-5.55-150300.3.14.1
libbluetooth3-32bit-5.55-150300.3.14.1
Ссылки
- Link for SUSE-SU-2022:3981-1
- E-Mail link for SUSE-SU-2022:3981-1
- SUSE Security Ratings
- SUSE Bug 1188859
- SUSE Bug 1192394
- SUSE CVE CVE-2021-3658 page
- SUSE CVE CVE-2021-43400 page
Описание
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-deprecated-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libbluetooth3-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:bluez-devel-5.55-150300.3.14.1
Ссылки
- CVE-2021-3658
- SUSE Bug 1188859
Описание
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:bluez-deprecated-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP3:libbluetooth3-5.55-150300.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:bluez-devel-5.55-150300.3.14.1
Ссылки
- CVE-2021-43400
- SUSE Bug 1192394