exploitDog

SUSE-SU-2023:2613-1

Опубликовано: 22 июн. 2023

Источник: suse-cvrf

Описание

Security update for bluez

This update for bluez fixes the following issues:

CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).

Список пакетов

SUSE Enterprise Storage 7.1

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Linux Enterprise Real Time 15 SP3

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Linux Enterprise Server 15 SP3-LTSS

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

bluez-devel-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Manager Proxy 4.2

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

SUSE Manager Server 4.2

bluez-5.55-150300.3.22.1

bluez-deprecated-5.55-150300.3.22.1

libbluetooth3-5.55-150300.3.22.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232613-1/
Link for SUSE-SU-2023:2613-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/018026.html
E-Mail link for SUSE-SU-2023:2613-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210398
SUSE Bug 1210398
https://www.suse.com/security/cve/CVE-2023-27349/
SUSE CVE CVE-2023-27349 page

Описание

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.

Затронутые продукты

SUSE Enterprise Storage 7.1:bluez-5.55-150300.3.22.1

SUSE Enterprise Storage 7.1:bluez-deprecated-5.55-150300.3.22.1

SUSE Enterprise Storage 7.1:bluez-devel-5.55-150300.3.22.1

SUSE Enterprise Storage 7.1:libbluetooth3-5.55-150300.3.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-27349.html
CVE-2023-27349
https://bugzilla.suse.com/1210398
SUSE Bug 1210398

Уязвимость SUSE-SU-2023:2613-1