SUSE-SU-2023:3238-1

Опубликовано: 08 авг. 2023

Источник: suse-cvrf

Описание

Security update for bluez

This update for bluez fixes the following issues:

CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760)

Список пакетов

Image SLES15-SP4-SAP-Azure-LI-BYOS

libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libbluetooth3-5.62-150400.4.16.1

SUSE Linux Enterprise Micro 5.3

libbluetooth3-5.62-150400.4.16.1

SUSE Linux Enterprise Micro 5.4

libbluetooth3-5.62-150400.4.16.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

bluez-5.62-150400.4.16.1

bluez-deprecated-5.62-150400.4.16.1

libbluetooth3-5.62-150400.4.16.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

bluez-devel-5.62-150400.4.16.1

SUSE Linux Enterprise Workstation Extension 15 SP4

bluez-cups-5.62-150400.4.16.1

openSUSE Leap 15.4

bluez-5.62-150400.4.16.1

bluez-auto-enable-devices-5.62-150400.4.16.1

bluez-cups-5.62-150400.4.16.1

bluez-deprecated-5.62-150400.4.16.1

bluez-devel-5.62-150400.4.16.1

bluez-devel-32bit-5.62-150400.4.16.1

bluez-test-5.62-150400.4.16.1

libbluetooth3-5.62-150400.4.16.1

libbluetooth3-32bit-5.62-150400.4.16.1

openSUSE Leap Micro 5.3

libbluetooth3-5.62-150400.4.16.1

openSUSE Leap Micro 5.4

libbluetooth3-5.62-150400.4.16.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233238-1/
Link for SUSE-SU-2023:3238-1
https://lists.suse.com/pipermail/sle-updates/2023-August/030851.html
E-Mail link for SUSE-SU-2023:3238-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1192760
SUSE Bug 1192760
https://www.suse.com/security/cve/CVE-2021-41229/
SUSE CVE CVE-2021-41229 page

Описание

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.

Затронутые продукты

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production:libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-LI-BYOS:libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production:libbluetooth3-5.62-150400.4.16.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS:libbluetooth3-5.62-150400.4.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-41229.html
CVE-2021-41229
https://bugzilla.suse.com/1192760
SUSE Bug 1192760

SUSE-SU-2023:3238-1

Описание

Список пакетов

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Workstation Extension 15 SP4

openSUSE Leap 15.4

openSUSE Leap Micro 5.3

openSUSE Leap Micro 5.4

Ссылки

Уязвимость: CVE-2021-41229

Описание

Затронутые продукты

Ссылки