Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:3691-1 Important: Bluez Buffer Overflow Threats and Fixes

suse
Calendar Grey October 21, 2022
Dist Suse Esm H88
SUSE Security patch for NetworkManager addresses critical problems such as privilege escalation and denial of service vulnerabilities.
An update that fixes 6 vulnerabilities is now available

Summary

This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463). - CVE-2021-0129: Fixed improper access control (bsc#1186463). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859). - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory buffer overflow important man-in-the-middle SUSE Linux Enterprise bluez GATT

References

#1186463 #1188859 #1192394 #1193227 #1193237

Cross- CVE-2019-8921 CVE-2019-8922 CVE-2020-26558

CVE-2021-0129 CVE-2021-3658 CVE-2021-43400

CVSS scores:

CVE-2019-8921 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2019-8921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3691-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important man-in-the-middle SUSE Linux Enterprise bluez GATT

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here