Mageia 2021-0532: bluez security update

MGASA-2021-0532 - Updated bluez packages fix security vulnerability

Publication date: 02 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0532.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-41229,
     CVE-2021-43400

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a
vulnerability exists in sdp_cstate_alloc_buf which allocates memory which
will always be hung in the singly linked list of cstates and will not be
freed. This will cause a memory leak over time. The data can be a very
large object, which can be caused by an attacker continuously sending sdp
packets and this may cause the service of the target device to crash.
(CVE-2021-41229)

An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free
can occur when a client disconnects during D-Bus processing of a WriteValue
call. (CVE-2021-43400)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29694
- https://ubuntu.com/security/notices/USN-5155-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43400

SRPMS:
- 8/core/bluez-5.55-3.3.mga8

Advisories

What Are You Looking For?

Popular Tags

Mageia 2021-0532: bluez security update

Summary

Resolution

References

News

Advisories

HOWTOs

Features

Network Intrusion Detection Using Snort

Keeping Your System Secure is Easier than Ever with LinuxSecurity Customized Advisories!

How To Secure the Linux Kernel

Protect Your Privacy & Improve Your Pentesting in 2022 with Predator-OS

A Linux Admin's Getting Started Guide to Improving PHP Security

About Us

Powered By