Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: iwd 2025-35347bf9f0 Security Advisory Updates

fedora
Calendar Grey March 20, 2025
Dist Fedora Esm H88
Discover essential updates for the Fedora 42 iwd security advisory focusing on critical issues with BlueZ and related utilities.
bluez 5.80: Fix issue with handling address type for all types of keys

Summary

The daemon and utilities for controlling and configuring the Wi-Fi network

hardware.

Update Information:

bluez 5.80: Fix issue with handling address type for all types of keys. Fix issue with handling maximum number of GATT channels. Fix issue with handling MTU auto-tuning feature. Fix issue with handling AVRCP volume in reconfigured transports. Fix issue with handling VCP volume setting requests. Fix issue with handling VCP connection management. Fix issue with handling MAP qualification. Fix issue with handling PBAP qualification. Fix issue with handling BNEP qualification. Add support for PreferredBearer device property. Add support for SupportedTypes Message Access property. Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions. iwd 3.4: Add support for the Test Anything Protocol. libell 0.74: Add support for NIST P-192 curve usage with ECDH. Add support for SHA-224 based checksums and HMACs. libell 0.73: Fix issue with parsing hwdb.bin child structures. libell 0.72: Add support for the Test Anything Protocol.

Topics%20covered

Topics Covered

security advisory update Fedora bluez iwd Wi-Fi daemon

Change Log

* Mon Mar 17 2025 Peter Robinson - 3.4-1 - Update to 3.4

References


[ 1 ] Bug #2278949 - CVE-2023-51596 bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278949 [ 2 ] Bug #2278957 - CVE-2023-51594 bluez: OBEX library out-of-bounds read information disclosure vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278957 [ 3 ] Bug #2278963 - CVE-2023-51592 bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278963 [ 4 ] Bug #2278966 - CVE-2023-51589 bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278966 [ 5 ] Bug #2278968 - CVE-2023-51580 bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability [fedora-all] https://bugzilla.r...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-35347bf9f0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: iwd
Product: Fedora 42
Version: 3.4
Release: 1.fc42
URL: https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/
Summary: Wireless daemon for Linux

Topics%20covered

Topics Covered

security advisory update Fedora bluez iwd Wi-Fi daemon

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here