SUSE-SU-2023:2562-1

Опубликовано: 21 июн. 2023

Источник: suse-cvrf

Описание

Security update for bluez

This update for bluez fixes the following issues:

CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP4-ESPOS

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP4-LTSS

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP5

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Software Development Kit 12 SP5

bluez-devel-5.13-5.39.1

SUSE Linux Enterprise Workstation Extension 12 SP5

bluez-cups-5.13-5.39.1

SUSE OpenStack Cloud 9

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

SUSE OpenStack Cloud Crowbar 9

bluez-5.13-5.39.1

libbluetooth3-5.13-5.39.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232562-1/
Link for SUSE-SU-2023:2562-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029972.html
E-Mail link for SUSE-SU-2023:2562-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210398
SUSE Bug 1210398
https://www.suse.com/security/cve/CVE-2023-27349/
SUSE CVE CVE-2023-27349 page

Описание

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:bluez-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP2-BCL:libbluetooth3-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP4-ESPOS:bluez-5.13-5.39.1

SUSE Linux Enterprise Server 12 SP4-ESPOS:libbluetooth3-5.13-5.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-27349.html
CVE-2023-27349
https://bugzilla.suse.com/1210398
SUSE Bug 1210398

SUSE-SU-2023:2562-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP4-ESPOS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2023-27349

Описание

Затронутые продукты

Ссылки