bluez (5.53-0ubuntu3.2) focal-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
* SECURITY UPDATE: DoS or code execution via double-free
- debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
in src/shared/att.c.
- CVE-2020-27153
* SECURITY UPDATE: info disclosure via out of bounds read
- debian/patches/CVE-2021-3588.patch: when client features is read
check if the offset is within the cli_feat bounds in
src/gatt-database.c.
- CVE-2021-3588
-- Marc Deslauriers <[email protected]> Wed, 09 Jun 2021
11:06:38 -0400
** Changed in: bluez (Ubuntu Focal)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926548
Title:
The gatt protocol has out-of-bounds read that leads to information
leakage
To manage notifications about this bug go to:
https://bugs.launchpad.net/bluez/+bug/1926548/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
