Package "bluez"

Name: bluez


Bluetooth tools and daemons

Latest version: 5.50-0ubuntu5.1
Release: eoan (19.10)
Level: security
Repository: main
Homepage: http://www.bluez.org


Save this URL for the latest version of "bluez": https://www.ubuntuupdates.org/bluez

Download "bluez"

Other versions of "bluez" in Eoan

Repository Area Version
base universe 5.50-0ubuntu4
base main 5.50-0ubuntu4
security universe 5.50-0ubuntu5.1
updates universe 5.50-0ubuntu5.1
updates main 5.50-0ubuntu5.1

Packages in group

Deleted packages are displayed in grey.


Version: 5.50-0ubuntu5.1 2020-03-30 16:06:16 UTC

  bluez (5.50-0ubuntu5.1) eoan-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden> Mon, 23 Mar 2020 08:25:48 -0400

CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege an

About   -   Send Feedback to @ubuntu_updates