Package "bluez"

Name: bluez


Bluetooth tools and daemons

Latest version: 5.53-0ubuntu3.7
Release: focal (20.04)
Level: updates
Repository: main
Homepage: http://www.bluez.org


Download "bluez"

Other versions of "bluez" in Focal

Repository Area Version
base main 5.53-0ubuntu3
base universe 5.53-0ubuntu3
security main 5.53-0ubuntu3.7
security universe 5.53-0ubuntu3.7
updates universe 5.53-0ubuntu3.7

Packages in group

Deleted packages are displayed in grey.


Version: 5.53-0ubuntu3.7 2023-12-07 05:06:52 UTC

  bluez (5.53-0ubuntu3.7) focal-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden> Wed, 29 Nov 2023 14:41:45 +0530

Source diff to previous version

Version: 5.53-0ubuntu3.6 2022-06-15 19:06:26 UTC

  bluez (5.53-0ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:09:00 -0400

Source diff to previous version
1977968 Security update tracking bug

Version: 5.53-0ubuntu3.5 2022-02-08 06:06:31 UTC

  bluez (5.53-0ubuntu3.5) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204

 -- Ray Veldkamp <email address hidden> Thu, 03 Feb 2022 22:27:07 +1100

Source diff to previous version
CVE-2022-0204 Heap overflow vulnerability in the implementation of the gatt protocol

Version: 5.53-0ubuntu3.4 2021-11-23 21:06:22 UTC

  bluez (5.53-0ubuntu3.4) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre1.patch: fix Acquire* reply handling
      in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre2.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:19:15 -0500

Source diff to previous version
CVE-2021-41229 BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will
CVE-2021-43400 An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValu

Version: 5.53-0ubuntu3.3 2021-07-01 12:06:24 UTC

  bluez (5.53-0ubuntu3.3) focal; urgency=medium

  * debian/patches/0001-fix-reading-from-rfkill-socket.patch:
    - fix reading from rfkill socket (lp: #1933221)

 -- Andy Chi <email address hidden> Tue, 22 Jun 2021 14:27:12 +0800

1933221 Blutooth on/off does not work properly from gnome-control-center

About   -   Send Feedback to @ubuntu_updates