Mageia 2021-0532: bluez security update
Summary
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a
vulnerability exists in sdp_cstate_alloc_buf which allocates memory which
will always be hung in the singly linked list of cstates and will not be
freed. This will cause a memory leak over time. The data can be a very
large object, which can be caused by an attacker continuously sending sdp
packets and this may cause the service of the target device to crash.
(CVE-2021-41229)
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free
can occur when a client disconnects during D-Bus processing of a WriteValue
call. (CVE-2021-43400)
References
- https://bugs.mageia.org/show_bug.cgi?id=29694
- https://ubuntu.com/security/notices/USN-5155-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43400
Resolution
MGASA-2021-0532 - Updated bluez packages fix security vulnerability
SRPMS
- 8/core/bluez-5.55-3.3.mga8