Description
Security update for bluez
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708).
- CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712).
- CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2019:1476-1
- SUSE Security Ratings
- SUSE Bug 1013708
- SUSE Bug 1013712
- SUSE Bug 1013893
- SUSE Bug 1015171
- SUSE CVE CVE-2016-9797 page
- SUSE CVE CVE-2016-9798 page
- SUSE CVE CVE-2016-9802 page
- SUSE CVE CVE-2016-9917 page
Description
In BlueZ 5.42, a buffer over-read was observed in the "l2cap_dump" function in the "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash.
Affected products
References
- CVE-2016-9797
- SUSE Bug 1013708
- SUSE Bug 1013712
Description
In BlueZ 5.42, a use-after-free was identified in the "conf_opt" function in the "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash.
Affected products
References
- CVE-2016-9798
- SUSE Bug 1013708
- SUSE Bug 1013712
- SUSE Bug 1013732
Description
In BlueZ 5.42, a buffer over-read was identified in the "l2cap_packet" function in the "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in a btmon crash.
Affected products
References
- CVE-2016-9802
- SUSE Bug 1013893
- SUSE Bug 1015173
Description
In BlueZ 5.42, a buffer overflow was observed in the "read_n" function in the "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash.
Affected products
References
- CVE-2016-9917
- SUSE Bug 1015171