Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags (bsc#1186463).
Список пакетов
openSUSE Leap 15.3
bluez-5.55-3.3.1
bluez-auto-enable-devices-5.55-3.3.1
bluez-cups-5.55-3.3.1
bluez-deprecated-5.55-3.3.1
bluez-devel-5.55-3.3.1
bluez-devel-32bit-5.55-3.3.1
bluez-test-5.55-3.3.1
libbluetooth3-5.55-3.3.1
libbluetooth3-32bit-5.55-3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:2291-1
- SUSE Security Ratings
- SUSE Bug 1186463
- SUSE CVE CVE-2020-26558 page
- SUSE CVE CVE-2021-0129 page
Описание
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
Затронутые продукты
openSUSE Leap 15.3:bluez-5.55-3.3.1
openSUSE Leap 15.3:bluez-auto-enable-devices-5.55-3.3.1
openSUSE Leap 15.3:bluez-cups-5.55-3.3.1
openSUSE Leap 15.3:bluez-deprecated-5.55-3.3.1
Ссылки
- CVE-2020-26558
- SUSE Bug 1179610
- SUSE Bug 1186463
Описание
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
Затронутые продукты
openSUSE Leap 15.3:bluez-5.55-3.3.1
openSUSE Leap 15.3:bluez-auto-enable-devices-5.55-3.3.1
openSUSE Leap 15.3:bluez-cups-5.55-3.3.1
openSUSE Leap 15.3:bluez-deprecated-5.55-3.3.1
Ссылки
- CVE-2021-0129
- SUSE Bug 1186463