CVE-2021-3588:

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

Patch: https://github.com/bluez/bluez/commit/3a40bef49

bluez $ git tag --contains 3a40bef49
5.56
5.57
5.58

Please cleanup.
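An added illustration of the bug class described in the comment above, not BlueZ's code and not the upstream patch: a read handler that trusts a peer-supplied offset, next to one that rejects it before indexing. The function names, the sample value and the negated-error return convention are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATT "Invalid Offset" error code (0x07), returned negated; this return
 * convention is an assumption of the example. */
#define ERR_INVALID_OFFSET (-0x07)

/* Constructed sample attribute value, not BlueZ data. */
static const uint8_t feat[4] = { 0x01, 0x02, 0x03, 0x04 };

/* Unchecked pattern: the peer-supplied offset is used as-is. */
static int read_unchecked(const uint8_t *val, size_t val_len, uint16_t offset,
                          uint8_t *out, size_t cap)
{
    size_t n = val_len - offset;   /* wraps to a huge value if offset > val_len */
    if (n > cap)
        n = cap;
    memcpy(out, val + offset, n);  /* then reads past the end of val */
    return (int)n;
}

/* Hardened pattern: reject the offset before it is used as an index. */
static int read_checked(const uint8_t *val, size_t val_len, uint16_t offset,
                        uint8_t *out, size_t cap)
{
    if (offset > val_len)
        return ERR_INVALID_OFFSET;
    size_t n = val_len - offset;   /* cannot wrap: offset <= val_len */
    if (n > cap)
        n = cap;                   /* never exceed the caller's buffer */
    if (n > 0)
        memcpy(out, val + offset, n);
    return (int)n;
}

int main(void)
{
    uint8_t out[8];
    /* The unchecked variant is only exercised with an in-range offset. */
    printf("unchecked, offset 1: %d\n", read_unchecked(feat, sizeof(feat), 1, out, sizeof(out)));
    printf("checked, offset 2:   %d\n", read_checked(feat, sizeof(feat), 2, out, sizeof(out)));
    printf("checked, offset 4:   %d\n", read_checked(feat, sizeof(feat), 4, out, sizeof(out)));
    printf("checked, offset 200: %d\n", read_checked(feat, sizeof(feat), 200, out, sizeof(out)));
    return 0;
}
```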
Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:

CVE-2021-0129:

Description: Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

CVE-2020-26558:

Description: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
(In reply to John Helmert III from comment #1)
> Actually, an Intel advisory seems to indicate 5.57 fixes a couple more CVEs:

Forgot to actually link the advisory:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc88877a2411735d828da371cd8b72b2173625f5

commit dc88877a2411735d828da371cd8b72b2173625f5
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2021-06-23 07:52:09 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2021-06-23 07:53:39 +0000

    net-wireless/bluez: Drop old

    Bug: https://bugs.gentoo.org/797712
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 net-wireless/bluez/Manifest                        |   2 -
 net-wireless/bluez/bluez-5.55.ebuild               | 299 ---------------------
 net-wireless/bluez/bluez-5.56-r1.ebuild            | 296 --------------------
 .../bluez/files/bluez-5.56-avdtp-disconnects.patch |  41 ---
 4 files changed, 638 deletions(-)
Thank you!
Package list is empty or all packages have requested keywords.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=84d576b12052186017c2b0197f8b202a48dd8f32

commit 84d576b12052186017c2b0197f8b202a48dd8f32
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:21:34 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:47:58 +0000

    [ GLSA 202209-16 ] BlueZ: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/797712
    Bug: https://bugs.gentoo.org/835077
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-16.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
GLSA released, all done!