| Summary: | net-wireless/bluez-5.63: heap buffer overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | 89q1r14hd, pacho |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q | | |
| Whiteboard: | B1 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 837584 | | |
| Bug Blocks: | | | |
Description
John Helmert III
This is the patch: https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0

So, please clean up.

Sorry, right, we need stabilization here.

Now please clean up :)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce2e1c7de43ea080fbf8e1dea2af821993d8d6d6

commit ce2e1c7de43ea080fbf8e1dea2af821993d8d6d6
Author: Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-04-18 16:23:31 +0000
Commit: Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-04-18 16:23:31 +0000

net-wireless/bluez: drop 5.62-r2, 5.62-r3, 5.63-r1

Bug: https://bugs.gentoo.org/835077
Signed-off-by: Pacho Ramos <pacho@gentoo.org>

net-wireless/bluez/Manifest | 2 -
net-wireless/bluez/bluez-5.62-r2.ebuild | 285 ----------
net-wireless/bluez/bluez-5.62-r3.ebuild | 295 ----------
net-wireless/bluez/bluez-5.63-r1.ebuild | 295 ----------
...1-Revert-attrib-Make-use-of-bt_att_resend.patch | 188 -------
...hog-Fix-read-order-of-attributes-rediffed.patch | 542 --------------------
...while-uhid-device-has-not-been-c-rediffed.patch | 90 ----
.../bluez/files/bluez-5.62-fix-disconnecting.patch | 54 --
8 files changed, 1751 deletions(-)

(In reply to John Helmert III from comment #0)
> CVE-2022-0204 (https://bugzilla.redhat.com/show_bug.cgi?id=2039807):
>
> A heap overflow vulnerability was found in bluez in versions prior to 5.63.
> An attacker with local network access could pass specially crafted files
> causing an application to halt or crash, leading to a denial of service.
>
> The GitHub advisory claims this can result in remote code execution,
> but RedHat's closed the bug as NOTABUG without explanation, but gave
> this a CVE anyway, but with a different impact than the advisory.

I asked about the discrepancy between the impact in the bug and CVE on the bug (https://bugzilla.redhat.com/show_bug.cgi?id=2039807#c5) in March, then asked by mail on the 29th, then pinged again on April 8 and got no response to any of it.

I've pinged RedHat one more time, but I suppose we'll just GLSA and trust the Github advisory if I don't hear from them soon.

GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=84d576b12052186017c2b0197f8b202a48dd8f32

commit 84d576b12052186017c2b0197f8b202a48dd8f32
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:21:34 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:47:58 +0000

[ GLSA 202209-16 ] BlueZ: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/797712
Bug: https://bugs.gentoo.org/835077
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202209-16.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)

GLSA released, all done!