Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2021-41229: Fixed leaking buffers stored in cstates cache (bsc#1192760).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
bluez-5.13-5.42.2
libbluetooth3-5.13-5.42.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
bluez-5.13-5.42.2
libbluetooth3-5.13-5.42.2
SUSE Linux Enterprise Software Development Kit 12 SP5
bluez-devel-5.13-5.42.2
SUSE Linux Enterprise Workstation Extension 12 SP5
bluez-cups-5.13-5.42.2
Ссылки
- Link for SUSE-SU-2023:3689-1
- E-Mail link for SUSE-SU-2023:3689-1
- SUSE Security Ratings
- SUSE Bug 1192760
- SUSE CVE CVE-2021-41229 page
Описание
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:bluez-5.13-5.42.2
SUSE Linux Enterprise Server 12 SP5:libbluetooth3-5.13-5.42.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:bluez-5.13-5.42.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libbluetooth3-5.13-5.42.2
Ссылки
- CVE-2021-41229
- SUSE Bug 1192760