
A bluez security update has been released for Debian GNU/Linux 8 Extended LTS to address man-in-the-middle attack and information disclosure vulnerabilities.



ELA-445-1 bluez security update

Package: bluez
Version: 5.43-2+deb9u2~deb8u3
Related CVEs: CVE-2020-26558, CVE-2021-0129

Two issues have been found in bluez, a package with Bluetooth tools and daemons. One issue allows a man-in-the-middle attack during secure pairing; the other is an information disclosure due to improper access control.

In order to completely fix both issues, you need an updated kernel as well!

For Debian 8 jessie, these problems have been fixed in version 5.43-2+deb9u2~deb8u3.

We recommend that you upgrade your bluez packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
