Package "bluez"
| Name: |
bluez
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Bluetooth support
- Analyses Bluetooth HCI packets
- BlueZ test tools and scripts
|
| Latest version: |
5.53-0ubuntu3.8 |
| Release: |
focal (20.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "bluez" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
|
bluez (5.53-0ubuntu3.2) focal-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
* SECURITY UPDATE: DoS or code execution via double-free
- debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
in src/shared/att.c.
- CVE-2020-27153
* SECURITY UPDATE: info disclosure via out of bounds read
- debian/patches/CVE-2021-3588.patch: when client features is read
check if the offset is within the cli_feat bounds in
src/gatt-database.c.
- CVE-2021-3588
-- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 11:06:38 -0400
|
| CVE-2020-26558 |
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the |
| CVE-2020-27153 |
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a |
| CVE-2021-3588 |
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an ar |
|
About
-
Send Feedback to @ubuntu_updates
