bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Wed, 09 Jun 2021 11:01:25 -0400

** Also affects: bluez (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26558

** Changed in: bluez (Ubuntu Groovy)
       Status: New => Fix Released

** Also affects: bluez (Ubuntu Focal)
   Importance: Undecided
       Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27153

--
https://bugs.launchpad.net/bugs/1926548

Title:
  The gatt protocol has out-of-bounds read that leads to information leakage