Debian 10261 Published by

A bluez security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities.



ELA-720-1 bluez security update

Package : bluez
Version : 5.43-2+deb9u2~deb8u5 (jessie), 5.43-2+deb9u6 (stretch)

Related CVEs :
CVE-2022-0204
CVE-2022-39176
CVE-2022-39177

Several vulnerabilities have been found in BlueZ, the Linux Bluetooth protocol stack.

CVE-2022-0204
A heap overflow vulnerability was found in bluez. An attacker with local network access
could pass specially crafted files causing an application to halt or crash, leading to
a denial of service.

CVE-2022-39176
BlueZ allows physically proximate attackers to obtain sensitive information because
profiles/audio/avrcp.c does not validate params_len.

CVE-2022-39177
BlueZ allows physically proximate attackers to cause a denial of service because
malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

  ELA-720-1 bluez security update