
A bluez security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities.

ELA-720-1 bluez security update

Package : bluez
Version : 5.43-2+deb9u2~deb8u5 (jessie), 5.43-2+deb9u6 (stretch)

Related CVEs :
CVE-2022-0204
CVE-2022-39176
CVE-2022-39177

Several vulnerabilities have been found in BlueZ, the Linux Bluetooth protocol stack.

CVE-2022-0204
A heap overflow vulnerability was found in bluez. An attacker with local network access
could pass specially crafted files causing an application to halt or crash, leading to
a denial of service.

CVE-2022-39176
BlueZ allows physically proximate attackers to obtain sensitive information because
profiles/audio/avrcp.c does not validate params_len.

CVE-2022-39177
BlueZ allows physically proximate attackers to cause a denial of service because
malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
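A practical check for the fixed versions listed above. The following is an added example, not part of the ELA advisory or of the bluez package: it implements Debian's version comparison rules (epoch, upstream version, Debian revision, with `~` sorting before everything including the end of a string) and reports whether an installed bluez version is at or above the fixed version for its suite. The function names and the sample installed versions are assumptions constructed for the example; on a real host the installed version would come from `dpkg-query -W -f='${Version}' bluez`.

```python
# Added example: compare an installed bluez version against the fixed
# versions from ELA-720-1 using Debian's version ordering (Policy 5.6.12).
# Not code from the advisory or from bluez; suite names and sample
# installed versions below are assumptions for illustration.

FIXED_VERSIONS = {
    "jessie": "5.43-2+deb9u2~deb8u5",
    "stretch": "5.43-2+deb9u6",
}

DIGITS = "0123456789"
LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _order(c):
    """Weight of one character, mirroring dpkg: '~' sorts before everything
    (even end of string), letters before non-letters, digits handled apart."""
    if c is None or c in DIGITS:
        return 0
    if c in LETTERS:
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments (upstream or revision) the dpkg way:
    alternate non-digit runs (lexical, with _order) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights until both hit a digit/end.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i] if i < len(a) else None)
            bc = _order(b[j] if j < len(b) else None)
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: leading zeros are insignificant, longer run wins,
        # otherwise the first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:  # no revision present
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Negative if a < b, zero if equal, positive if a > b (Debian ordering)."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return ea - eb
    c = _verrevcmp(ua, ub)
    if c != 0:
        return c
    return _verrevcmp(ra, rb)


def is_fixed(installed, suite):
    """True if the installed bluez version carries the ELA-720-1 fix for suite."""
    return compare_versions(installed, FIXED_VERSIONS[suite]) >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not real host data.
    for suite, installed in [("jessie", "5.43-2+deb9u2~deb8u4"),
                             ("jessie", "5.43-2+deb9u2~deb8u5"),
                             ("stretch", "5.43-2+deb9u5"),
                             ("stretch", "5.43-2+deb9u6")]:
        state = "fixed" if is_fixed(installed, suite) else "VULNERABLE"
        print(f"{suite}: bluez {installed} -> {state}")
```

Note why the jessie version ends in `~deb8u5`: under these rules `5.43-2+deb9u2~deb8u5` sorts below `5.43-2+deb9u2`, so the jessie build stays older than the corresponding stretch build and a later suite upgrade still pulls in the stretch package.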
