UbuntuUpdates.org

Package "bluez-obexd"

Name: bluez-obexd

Description:

bluez obex daemon

Latest version: 5.48-0ubuntu3.8
Release: bionic (18.04)
Level: security
Repository: main
Head package: bluez
Homepage: http://www.bluez.org

Links


Download "bluez-obexd"


Other versions of "bluez-obexd" in Bionic

Repository Area Version
base main 5.48-0ubuntu3
updates main 5.48-0ubuntu3.8

Changelog

Version: 5.48-0ubuntu3.8 2022-02-08 05:06:22 UTC

  bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    execution.
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204

 -- Ray Veldkamp <email address hidden> Fri, 04 Feb 2022 10:25:37 +1100

Source diff to previous version
CVE-2022-0204 Heap overflow vulnerability in the implementation of the gatt protocol

Version: 5.48-0ubuntu3.7 2021-12-08 19:06:22 UTC

  bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-8922.patch: check if there is enough space in
      lib/sdp.c.
    - CVE-2019-8922

 -- Marc Deslauriers <email address hidden> Wed, 08 Dec 2021 07:57:30 -0500

Source diff to previous version
CVE-2019-8922 A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destin

Version: 5.48-0ubuntu3.6 2021-11-23 20:06:21 UTC

  bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229-pre1.patch: fix not checking if cstate
      length in src/sdpd-request.c.
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre1.patch: send device and link
      options with AcquireNotify in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre2.patch: fix Acquire* reply handling
      in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre3.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre4.patch: provide MTU in ReadValue
      and WriteValue in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:52:30 -0500

Source diff to previous version
CVE-2021-41229 BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will
CVE-2021-43400 An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValu

Version: 5.48-0ubuntu3.5 2021-06-16 14:06:24 UTC

  bluez (5.48-0ubuntu3.5) bionic-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: DoS or code execution via double-free
    - debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
      in src/shared/att.c.
    - CVE-2020-27153

 -- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 11:12:47 -0400

Source diff to previous version
CVE-2020-26558 Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the
CVE-2020-27153 In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a

Version: 5.48-0ubuntu3.4 2020-03-30 16:06:13 UTC

  bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden> Mon, 23 Mar 2020 08:26:28 -0400

CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege an



About   -   Send Feedback to @ubuntu_updates