ELA-720-1 bluez security update
Package : bluez
ELA-720-1 bluez security update
Version : 5.43-2+deb9u2~deb8u5 (jessie), 5.43-2+deb9u6 (stretch)
Related CVEs :
CVE-2022-0204
CVE-2022-39176
CVE-2022-39177
Several vulnerabilities have been found in BlueZ, the Linux Bluetooth protocol stack.
CVE-2022-0204
A heap overflow vulnerability was found in bluez. An attacker with local network access
could pass specially crafted files causing an application to halt or crash, leading to
a denial of service.
CVE-2022-39176
BlueZ allows physically proximate attackers to obtain sensitive information because
profiles/audio/avrcp.c does not validate params_len.
CVE-2022-39177
BlueZ allows physically proximate attackers to cause a denial of service because
malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
A bluez security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities.
