Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:3687-1 Important: Bluez Buffer Overflow Security Advisory

suse
Calendar Grey October 21, 2022
Dist Suse Esm H88
Important SUSE Security Patch for NetworkManager addresses various vulnerabilities. Comprehensive installation instructions and product specifications provided.
An update that fixes 6 vulnerabilities is now available

Summary

This update for bluez fixes the following issues: - CVE-2021-0129: Fixed improper access control (bsc#1186463). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463). - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859). - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory update buffer overflow critical access control SUSE bluez

References

#1186463 #1188859 #1192394 #1193227 #1193237

Cross- CVE-2019-8921 CVE-2019-8922 CVE-2020-26558

CVE-2021-0129 CVE-2021-3658 CVE-2021-43400

CVSS scores:

CVE-2019-8921 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2019-8921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3687-1
Rating: important

Topics%20covered

Topics Covered

security advisory update buffer overflow critical access control SUSE bluez

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here