bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
* SECURITY UPDATE: info disclosure via out of bounds read
- debian/patches/CVE-2021-3588.patch: when client features is read
check if the offset is within the cli_feat bounds in
src/gatt-database.c.
- CVE-2021-3588
-- Marc Deslauriers <[email protected]> Wed, 09 Jun 2021
11:01:25 -0400
** Also affects: bluez (Ubuntu Groovy)
Importance: Undecided
Status: New
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26558
** Changed in: bluez (Ubuntu Groovy)
Status: New => Fix Released
** Also affects: bluez (Ubuntu Focal)
Importance: Undecided
Status: New
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27153
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926548
Title:
The gatt protocol has out-of-bounds read that leads to information
leakage
To manage notifications about this bug go to:
https://bugs.launchpad.net/bluez/+bug/1926548/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
