SUSE-SU-2023:2546-1

Опубликовано: 19 июн. 2023

Источник: suse-cvrf

Описание

Security update for bluez

This update for bluez fixes the following issues:

CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP5

bluez-5.65-150500.3.3.1

bluez-zsh-completion-5.65-150500.3.3.1

libbluetooth3-5.65-150500.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

bluez-devel-5.65-150500.3.3.1

SUSE Linux Enterprise Workstation Extension 15 SP5

bluez-cups-5.65-150500.3.3.1

openSUSE Leap 15.5

bluez-5.65-150500.3.3.1

bluez-auto-enable-devices-5.65-150500.3.3.1

bluez-cups-5.65-150500.3.3.1

bluez-deprecated-5.65-150500.3.3.1

bluez-devel-5.65-150500.3.3.1

bluez-devel-32bit-5.65-150500.3.3.1

bluez-obexd-5.65-150500.3.3.1

bluez-test-5.65-150500.3.3.1

bluez-zsh-completion-5.65-150500.3.3.1

libbluetooth3-5.65-150500.3.3.1

libbluetooth3-32bit-5.65-150500.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232546-1/
Link for SUSE-SU-2023:2546-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029926.html
E-Mail link for SUSE-SU-2023:2546-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210398
SUSE Bug 1210398
https://www.suse.com/security/cve/CVE-2023-27349/
SUSE CVE CVE-2023-27349 page

Описание

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP5:bluez-5.65-150500.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP5:bluez-zsh-completion-5.65-150500.3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP5:libbluetooth3-5.65-150500.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5:bluez-devel-5.65-150500.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-27349.html
CVE-2023-27349
https://bugzilla.suse.com/1210398
SUSE Bug 1210398

SUSE-SU-2023:2546-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

SUSE Linux Enterprise Workstation Extension 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-27349

Описание

Затронутые продукты

Ссылки