Format: 1.8
Date: Fri, 26 Nov 2021 19:05:30 +0100
Source: bluez
Binary: libbluetooth3 libbluetooth3-dbg libbluetooth-dev bluetooth bluez bluez-dbg bluez-cups bluez-obexd bluez-hcidump bluez-test-tools bluez-test-scripts
Architecture: source
Version: 5.43-2+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian Bluetooth Maintainers <pkg-bluetooth-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 bluetooth  - Bluetooth support
 bluez      - Bluetooth tools and daemons
 bluez-cups - Bluetooth printer driver for CUPS
 bluez-dbg  - Bluetooth tools and daemons (with debugging symbols)
 bluez-hcidump - Analyses Bluetooth HCI packets
 bluez-obexd - bluez obex daemon
 bluez-test-scripts - test scripts of bluez
 bluez-test-tools - test tools of bluez
 libbluetooth-dev - Development files for using the BlueZ Linux Bluetooth library
 libbluetooth3 - Library to use the BlueZ Linux Bluetooth stack
 libbluetooth3-dbg - Library to use the BlueZ Linux Bluetooth stack with debugging sym
Changes:
 bluez (5.43-2+deb9u5) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-1000250: replace RedHat's early patch with upstream's, so as to
     minimize conflicts with new CVE fixes
   * CVE-2019-8921: SDP infoleak, the vulnerability lies in the handling of a
     SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a malicious
     CSTATE, it is possible to trick the server into returning more bytes than
     the buffer actually holds, resulting in leaking arbitrary heap data.
   * CVE-2019-8922: SDP Heap Overflow; this vulnerability lies in the SDP
     protocol handling of attribute requests as well. By requesting a huge
     number of attributes at the same time, an attacker can overflow the static
     buffer provided to hold the response.
   * CVE-2021-41229: sdp_cstate_alloc_buf allocates memory which will always be
     hung in the singly linked list of cstates and will not be freed.
     This will cause a memory leak over time. The data can be a very large
     object, which can be caused by an attacker continuously sending sdp
     packets and this may cause the service of the target device to crash.
Checksums-Sha1:
 234087d4d7ba3956f6045943160c71c8c19d3a37 2781 bluez_5.43-2+deb9u5.dsc
 a18cf83678d8d10af5554f6252d447080663bd3b 36396 bluez_5.43-2+deb9u5.debian.tar.xz
 a53a00e87221af985d37451411b07bf28c52f2b1 9769 bluez_5.43-2+deb9u5_amd64.buildinfo
Checksums-Sha256:
 526d6b274a9a3387f23571534b91b0c1c12b15af5f235ecc3ac87a869ac3df25 2781 bluez_5.43-2+deb9u5.dsc
 55da5ce6879559f830bf5754acf75ee067ca6ccd73e002d0fb1237813bba77e4 36396 bluez_5.43-2+deb9u5.debian.tar.xz
 b1f6ff3c0c715ef36aac6ce0b9c0434be2f6f3cb271a2b7ddfe0665537267230 9769 bluez_5.43-2+deb9u5_amd64.buildinfo
Files:
 526806a8751845210881456491da01d5 2781 admin optional bluez_5.43-2+deb9u5.dsc
 79a1956af046c5f0a70debef10345b76 36396 admin optional bluez_5.43-2+deb9u5.debian.tar.xz
 c5042dc5420723cbe1d969879904021d 9769 admin optional bluez_5.43-2+deb9u5_amd64.buildinfo