bluez (5.53-0ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: DoS or code execution via double-free
    - debian/patches/CVE-2020-27153.patch: fix possible crash on
      disconnect in src/shared/att.c.
    - CVE-2020-27153
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Wed, 09 Jun 2021 11:06:38 -0400

** Changed in: bluez (Ubuntu Focal)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1926548

Title:
  The gatt protocol has out-of-bounds read that leads to information leakage