Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 16.04 LTS USN-7265-1: BlueZ crash risk and code execution

ubuntu
Calendar Grey February 12, 2025
Dist Ubuntu Esm H88
Concerns regarding BlueZ vulnerabilities can result in system failures or unapproved operations. Apply updates for stable functionality.
BlueZ could be made to crash or run programs as your login if it received specially crafted Bluetooth requests.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: BlueZ could be made to crash or run programs as your login if it received specially crafted Bluetooth requests. Software Description: - bluez: Bluetooth tools and daemons Details: Julian Rauchberger discovered that BlueZ did not correctly handle certain memory operations. An attacker could possibly use this issue to leak sensitive information or execute arbitrary code. (CVE-2019-8921, CVE-2019-8922)

Topics%20covered

Topics Covered

security advisory remote code execution Ubuntu crash memory operations BlueZ

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS   bluez                           5.37-0ubuntu5.3+esm5                                   Available with Ubuntu Pro   libbluetooth3                   5.37-0ubuntu5.3+esm5                                   Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7265-1

  CVE-2019-8921, CVE-2019-8922

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7265-1

Topics%20covered

Topics Covered

security advisory remote code execution Ubuntu crash memory operations BlueZ

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here