[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
bluez (5.53-0ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: DoS or code execution via double-free
    - debian/patches/CVE-2020-27153.patch: fix possible crash on
      disconnect in src/shared/att.c.
    - CVE-2020-27153
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers Wed, 09 Jun 2021 11:06:38 -0400

** Changed in: bluez (Ubuntu Focal)
   Status: New => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926548

Title: The gatt protocol has out-of-bounds read that leads to information leakage

To manage notifications about this bug go to:
https://bugs.launchpad.net/bluez/+bug/1926548/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
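The bounds check named in the CVE-2021-3588 changelog entry above, as an added example that is not part of the original messages and is not BlueZ's code: an offset-checked read of a fixed-size per-client feature buffer. The struct, the function names and the 1-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATT_ERROR_INVALID_OFFSET 0x07 /* ATT "Invalid Offset" error code */
#define CLI_FEAT_LEN 1                /* constructed size for this sketch */

/* Hypothetical per-client state; not BlueZ's actual struct layout. */
struct client_state {
	uint8_t cli_feat[CLI_FEAT_LEN];
};

/* Length an unchecked handler would compute: wraps when offset > len. */
size_t unchecked_len(uint16_t offset)
{
	return (size_t)CLI_FEAT_LEN - offset;
}

/*
 * Offset-checked read. Returns 0 and sets *out_len on success, or an
 * ATT error code. offset == len is valid and yields an empty value.
 */
int read_cli_feat(const struct client_state *st, uint16_t offset,
		  uint8_t *out, size_t out_cap, size_t *out_len)
{
	size_t len = sizeof(st->cli_feat);

	if (offset > len)               /* reject before any pointer math */
		return ATT_ERROR_INVALID_OFFSET;

	size_t n = len - offset;        /* cannot wrap after the check */
	if (n > out_cap)
		n = out_cap;            /* never write past the caller's buffer */
	if (n)
		memcpy(out, st->cli_feat + offset, n);
	*out_len = n;
	return 0;
}

int main(void)
{
	struct client_state st = { { 0x01 } }; /* constructed sample value */
	uint8_t buf[4];
	size_t n = 0;

	for (uint16_t off = 0; off <= 2; off++) {
		int rc = read_cli_feat(&st, off, buf, sizeof(buf), &n);
		printf("offset=%u rc=0x%02x len=%zu unchecked_len=%zu\n",
		       (unsigned)off, rc, rc ? (size_t)0 : n, unchecked_len(off));
	}
	return 0;
}
```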
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers Wed, 09 Jun 2021 11:01:25 -0400

** Also affects: bluez (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26558

** Changed in: bluez (Ubuntu Groovy)
   Status: New => Fix Released

** Also affects: bluez (Ubuntu Focal)
   Importance: Undecided
   Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27153
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
Wonderful, thanks Daniel!
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
(checks again) Yes, fixed in 5.56 looks right.

commit 3a40bef49305f8327635b81ac8be52a3ca063d5a
Author: Luiz Augusto von Dentz
AuthorDate: Mon Jan 4 10:38:31 2021 -0800
Commit: Luiz Augusto von Dentz
CommitDate: Tue Jan 5 10:41:27 2021 -0800

landed on master before the next tag, which was:

commit 482929f12b645f652d378fbe8d0a5b7c05d65c4f (tag: 5.56)
Author: Marcel Holtmann
AuthorDate: Mon Feb 22 21:12:40 2021 +0100
Commit: Marcel Holtmann
CommitDate: Mon Feb 22 21:12:40 2021 +0100

However, it doesn't look like it's present on master anymore because it was rewritten 6 hours later:

commit 6a50b6aeda78a88eafb177718109c256eec077a6
Author: Luiz Augusto von Dentz
AuthorDate: Tue Jan 5 16:45:37 2021 -0800
Commit: Luiz Augusto von Dentz
CommitDate: Tue Jan 5 16:55:32 2021 -0800

I assume the rewrite is free of the original bug, and so still fixed in 5.56.
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
Daniel, are you sure about that fixed-in-5.56 bug tag? I can't spot the referenced commit in the tarballs 5.55, 5.56, 5.57, 5.58 from:
http://www.bluez.org/

nor in the github sources:
https://github.com/bluez/bluez/blob/master/src/gatt-database.c#L1054

nor the kernel.org sources:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/gatt-database.c#n1054

Thanks
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
** Changed in: bluez
   Status: Unknown => Fix Released
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
** Also affects: bluez via https://github.com/bluez/bluez/issues/70
   Importance: Unknown
   Status: Unknown

** Tags added: fixed-in-5.56 fixed-upstream

** Also affects: bluez (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: bluez (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Changed in: bluez (Ubuntu Hirsute)
   Status: New => Fix Released

** Changed in: bluez (Ubuntu Impish)
   Status: New => Fix Released

** Tags added: rls-ff-incoming
[Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage
** Information type changed from Private Security to Public Security