Source: bluez
Version: 5.43-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for bluez.

CVE-2016-9797[0]:
| In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function
| in "tools/parser/l2cap.c" source file. This issue can be triggered by
| processing a corrupted dump file and will result in hcidump crash.

CVE-2016-9798[1]:
| In BlueZ 5.42, a use-after-free was identified in "conf_opt" function
| in "tools/parser/l2cap.c" source file. This issue can be triggered by
| processing a corrupted dump file and will result in hcidump crash.

CVE-2016-9799[2]:
| In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci"
| function in "btsnoop.c" source file. This issue can be triggered by
| processing a corrupted dump file and will result in btmon crash.

CVE-2016-9800[3]:
| In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump"
| function in "tools/parser/hci.c" source file. The issue exists because
| "pin" array is overflowed by supplied parameter due to lack of boundary
| checks on size of the buffer from frame "pin_code_reply_cp *cp"
| parameter.

CVE-2016-9801[4]:
| In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl"
| function in "tools/parser/l2cap.c" source file when processing
| corrupted dump file.

CVE-2016-9802[5]:
| In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet"
| function in "monitor/packet.c" source file. This issue can be triggered
| by processing a corrupted dump file and will result in btmon crash.

CVE-2016-9803[6]:
| In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump"
| function in "tools/parser/hci.c" source file. This issue exists because
| 'subevent' (which is used to read correct element from 'ev_le_meta_str'
| array) is overflowed.

CVE-2016-9804[7]:
| In BlueZ 5.42, a buffer overflow was observed in "commands_dump"
| function in "tools/parser/csr.c" source file. The issue exists because
| "commands" array is overflowed by supplied parameter due to lack of
| boundary checks on size of the buffer from frame "frm->ptr" parameter.
| This issue can be triggered by processing a corrupted dump file and
| will result in hcidump crash.

CVE-2016-9917[8]:
| In BlueZ 5.42, a buffer overflow was observed in "read_n" function in
| "tools/hcidump.c" source file. This issue can be triggered by
| processing a corrupted dump file and will result in hcidump crash.

CVE-2016-9918[9]:
| In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump"
| function in "monitor/packet.c" source file. This issue can be triggered
| by processing a corrupted dump file and will result in btmon crash.

Although the description mentions only up to 5.42, 5.43 is as well still
vulnerable to those since no changes were done to those AFAICS.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9797
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9797
[1] https://security-tracker.debian.org/tracker/CVE-2016-9798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9798
[2] https://security-tracker.debian.org/tracker/CVE-2016-9799
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9799
[3] https://security-tracker.debian.org/tracker/CVE-2016-9800
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9800
[4] https://security-tracker.debian.org/tracker/CVE-2016-9801
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9801
[5] https://security-tracker.debian.org/tracker/CVE-2016-9802
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9802
[6] https://security-tracker.debian.org/tracker/CVE-2016-9803
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9803
[7] https://security-tracker.debian.org/tracker/CVE-2016-9804
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9804
[8] https://security-tracker.debian.org/tracker/CVE-2016-9917
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9917
[9] https://security-tracker.debian.org/tracker/CVE-2016-9918
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9918

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
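
Added example, not part of the original report and not BlueZ code: the two boundary checks whose absence CVE-2016-9803 (table index taken from the file) and CVE-2016-9800 (length-controlled copy into a fixed array) describe, written against a hypothetical `struct frame`. The record layout, `PIN_MAX` and the name table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_MAX 16  /* assumed pin buffer size */
struct frame {              /* hypothetical: one record from an untrusted dump */
    const uint8_t *ptr;     /* current read position */
    size_t len;             /* bytes remaining at ptr */
};
static const char *const subevent_str[] = {   /* constructed name table */
    "Reserved", "Connection Complete", "Advertising Report",
};
#define SUBEVENT_COUNT (sizeof(subevent_str) / sizeof(subevent_str[0]))

/* Index comes from the file: reject an empty frame and any value past the table. */
const char *subevent_name(const struct frame *frm)
{
    if (frm->len < 1)
        return "Truncated";
    uint8_t subevent = frm->ptr[0];
    return subevent < SUBEVENT_COUNT ? subevent_str[subevent] : "Unknown";
}

/* Assumed layout: 1 length byte, then PIN_MAX pin bytes. Returns the pin
 * length, or -1 when the record is short or the length exceeds out[]. */
int parse_pin(const struct frame *frm, char out[PIN_MAX + 1])
{
    if (frm->len < 1 + PIN_MAX)
        return -1;                  /* truncated record */
    uint8_t pin_len = frm->ptr[0];
    if (pin_len > PIN_MAX)
        return -1;                  /* claimed length larger than buffer */
    memcpy(out, frm->ptr + 1, pin_len);
    out[pin_len] = '\0';
    return pin_len;
}

int main(void)
{
    uint8_t rec[1 + PIN_MAX] = { 200 };  /* constructed: claims 200 pin bytes */
    struct frame frm = { rec, sizeof(rec) };
    char pin[PIN_MAX + 1];
    printf("%s %d\n", subevent_name(&frm), parse_pin(&frm, pin));
    return 0;
}
```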

