Package "libbluetooth3"
Name: |
libbluetooth3
|
Description: |
Library to use the BlueZ Linux Bluetooth stack
|
Latest version: |
5.48-0ubuntu3.9 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
main |
Head package: |
bluez |
Homepage: |
http://www.bluez.org |
Links
Download "libbluetooth3"
Other versions of "libbluetooth3" in Bionic
Changelog
bluez (5.48-0ubuntu3.9) bionic-security; urgency=medium
* SECURITY UPDATE: various security improvements (LP: #1977968)
- debian/patches/avdtp-security.patch: check if capabilities are valid
before attempting to copy them in profiles/audio/avdtp.c.
- debian/patches/avdtp-security-2.patch: fix size comparison and
variable misassignment in profiles/audio/avdtp.c.
- debian/patches/avrcp-security.patch: make sure the number of bytes in
the params_len matches the remaining bytes received so the code don't
end up accessing invalid memory in profiles/audio/avrcp.c.
- No CVE numbers
-- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:19:20 -0400
|
Source diff to previous version |
1977968 |
Security update tracking bug |
|
bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
a heap overflow, resulting in denial of service or potential code
execution.
- debian/patches/CVE-2022-0204.patch: add length and offset validation in
write_cb function in src/shared/gatt-server.c.
- CVE-2022-0204
-- Ray Veldkamp <email address hidden> Fri, 04 Feb 2022 10:25:37 +1100
|
Source diff to previous version |
CVE-2022-0204 |
Heap overflow vulnerability in the implementation of the gatt protocol |
|
bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2019-8922.patch: check if there is enough space in
lib/sdp.c.
- CVE-2019-8922
-- Marc Deslauriers <email address hidden> Wed, 08 Dec 2021 07:57:30 -0500
|
Source diff to previous version |
CVE-2019-8922 |
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destin |
|
bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
- debian/patches/CVE-2021-41229-pre1.patch: fix not checking if cstate
length in src/sdpd-request.c.
- debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
unit/test-sdp.c.
- CVE-2021-41229
* SECURITY UPDATE: use-after-free when client disconnects
- debian/patches/CVE-2021-43400-pre1.patch: send device and link
options with AcquireNotify in src/gatt-database.c.
- debian/patches/CVE-2021-43400-pre2.patch: fix Acquire* reply handling
in src/gatt-database.c.
- debian/patches/CVE-2021-43400-pre3.patch: no multiple calls to
AcquireWrite in src/gatt-database.c.
- debian/patches/CVE-2021-43400-pre4.patch: provide MTU in ReadValue
and WriteValue in src/gatt-database.c.
- debian/patches/CVE-2021-43400.patch: fix not cleaning up when
disconnected in src/gatt-database.c.
- CVE-2021-43400
-- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:52:30 -0500
|
Source diff to previous version |
CVE-2021-41229 |
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will |
CVE-2021-43400 |
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValu |
|
bluez (5.48-0ubuntu3.5) bionic-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
* SECURITY UPDATE: DoS or code execution via double-free
- debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
in src/shared/att.c.
- CVE-2020-27153
-- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 11:12:47 -0400
|
CVE-2020-26558 |
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the |
CVE-2020-27153 |
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a |
|
About
-
Send Feedback to @ubuntu_updates