UbuntuUpdates.org

Package "bluez"

Name: bluez

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Bluetooth support
  • Analyses Bluetooth HCI packets
  • BlueZ test tools and scripts

Latest version: 5.37-0ubuntu5.3
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "bluez" in Xenial

Repository Area Version
base main 5.37-0ubuntu5
base universe 5.37-0ubuntu5
security main 5.37-0ubuntu5.3
updates universe 5.37-0ubuntu5.3
updates main 5.37-0ubuntu5.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.37-0ubuntu5.3 2020-03-30 20:06:16 UTC

  bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in parse_line function
    - debian/patches/CVE-2016-7837.patch: make sure we don't write past the
      end of the array in tools/csr.c.
    - CVE-2016-7837
  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
      instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden> Mon, 23 Mar 2020 08:39:08 -0400

Source diff to previous version
CVE-2016-7837 Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege an

Version: 5.37-0ubuntu5.1 2017-09-12 20:06:32 UTC
No changelog available yet.



About   -   Send Feedback to @ubuntu_updates