Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760)
Список пакетов
SUSE Linux Enterprise Micro 5.3
libbluetooth3-5.62-150400.4.16.1
SUSE Linux Enterprise Micro 5.4
libbluetooth3-5.62-150400.4.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
bluez-5.62-150400.4.16.1
bluez-deprecated-5.62-150400.4.16.1
libbluetooth3-5.62-150400.4.16.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
bluez-devel-5.62-150400.4.16.1
SUSE Linux Enterprise Workstation Extension 15 SP4
bluez-cups-5.62-150400.4.16.1
openSUSE Leap 15.4
bluez-5.62-150400.4.16.1
bluez-auto-enable-devices-5.62-150400.4.16.1
bluez-cups-5.62-150400.4.16.1
bluez-deprecated-5.62-150400.4.16.1
bluez-devel-5.62-150400.4.16.1
bluez-devel-32bit-5.62-150400.4.16.1
bluez-test-5.62-150400.4.16.1
libbluetooth3-5.62-150400.4.16.1
libbluetooth3-32bit-5.62-150400.4.16.1
openSUSE Leap Micro 5.3
libbluetooth3-5.62-150400.4.16.1
openSUSE Leap Micro 5.4
libbluetooth3-5.62-150400.4.16.1
Ссылки
- Link for SUSE-SU-2023:3238-1
- E-Mail link for SUSE-SU-2023:3238-1
- SUSE Security Ratings
- SUSE Bug 1192760
- SUSE CVE CVE-2021-41229 page
Описание
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
Затронутые продукты
SUSE Linux Enterprise Micro 5.3:libbluetooth3-5.62-150400.4.16.1
SUSE Linux Enterprise Micro 5.4:libbluetooth3-5.62-150400.4.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:bluez-5.62-150400.4.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:bluez-deprecated-5.62-150400.4.16.1
Ссылки
- CVE-2021-41229
- SUSE Bug 1192760