Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.4011
bluez security update
29 November 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: bluez
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Unknown/Unspecified
Access Confidential Data -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-41229 CVE-2019-8922 CVE-2019-8921
Reference: ESB-2021.3989
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/11/msg00022.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2827-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
November 27, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : bluez
Version : 5.43-2+deb9u5
CVE ID : CVE-2019-8921 CVE-2019-8922 CVE-2021-41229
Debian Bug : 1000262
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth
protocol stack. An attacker could cause a denial-of-service (DoS) or
leak information.
CVE-2019-8921
SDP infoleak; the vulnerability lies in the handling of a
SVC_ATTR_REQ by the SDP implementation of BlueZ. By crafting a
malicious CSTATE, it is possible to trick the server into
returning more bytes than the buffer actually holds, resulting in
leaking arbitrary heap data.
CVE-2019-8922
SDP Heap Overflow; this vulnerability lies in the SDP protocol
handling of attribute requests as well. By requesting a huge
number of attributes at the same time, an attacker can overflow
the static buffer provided to hold the response.
CVE-2021-41229
sdp_cstate_alloc_buf allocates memory which will always be hung in
the singly linked list of cstates and will not be freed. This will
cause a memory leak over time. The data can be a very large
object, which can be caused by an attacker continuously sending
sdp packets and this may cause the service of the target device to
crash.
For Debian 9 stretch, these problems have been fixed in version
5.43-2+deb9u5.
We recommend that you upgrade your bluez packages.
For the detailed security status of bluez please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bluez
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmGiEh0ACgkQDTl9HeUl
XjCqVQ/9HDvMcYwdegi6hxeBdzaBghIHveFKGx9HxOSEVHjtFabZbURMWT+nlg1a
TvhzC2YPKGyvqV6DJz3d1Nvc01bHcqRr/0ZUywn7bgjsCyjhNGTQCJgCL4lGdRkb
i9fsgDRVAb94PACw9O4o5FvpAexAIpNlhEi8+jyPmUa/dgPXS6UwD9SG1jbvAY/L
NK4uilj6y0rcLuJLNS5DlXsSKSaQ/OauzPcZgh3r99C4SU51Ix90GbhBL/+C7aox
hP8s85bjfMMpqrkxqu+210Pf+J/fQc/h/LGBGryQqgaOdQ2Feu8YOLTSG64M42UJ
Bm0Xw3MXbxOl4Rk2eg86g0zf/s/ONBGZZcIdHwJDDeWvWRtoJ+b/FceWdJvlgxBA
0gwzWsdvlaporMIabqhgVVRebpsK9sSJ3MLVo6ADZV3UZvfNdPQYmh5psvzBgYXX
O01V+kB5Gxd+MegV8QfOb+pKE+jNTrwhzWOx5z2J9T6nTBo6ABq9PgBHKqJnO2Ov
K1rwRF1EMPjnM+en1plSjfNRIxATBTDXAISryK00NL+X35QgetA5YcVWH0bHbLZr
kXE2pk/56UzC64Fw+wkTJKwxNP7TykFAY6JZAwtDb58jssXOXHa8j5wzQ4IZ8Kcd
t7QY1Xt77yyFlVLWszbkQtFsWX7hETVnEC90tNHrIYXe34dELso=
=fTkb
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYaQ3VONLKJtyKPYoAQj8Kw/+LIEsyUzhserQxl8aFzIsxUFxbehV/jeb
HR6Ijsfw8xe3UROJDKOjmHfYWWVFV+eHlUxe7a56EHUEdS2F63wkjbyXGjTJrzE3
dARA0G2tnY/PCR40svqFUzV/GWGynNYCKwkAX7CrV0aUvLvJAFbTqdYqOA+qyH6J
lYawZjpyXOL/+foDF/2q4TanyLOCodE60qDR8A+oO6CFimrodgWeaRZPYmIJO0yA
PjLzgCLWGbMo5rDy3vHVkXIpoiNHi8bIQGEM25HgKYnJC5yrdkOXb2cuU8lf5kOj
qIajIzKueLvE6NmvFS/W3a2xeDW7shszBiI38NCutMwzdsxbhdzvty3uhUbrotMV
QB3vyRz5UZgTeq0FzcW4ZWN9L/z5S/30KaVeBw5o7C1lBMRY+5a9sVgsY1OyLmln
KL8wc86WXrN9hPkN1aen8bbd0ijG6Q6mD2rhB68YWb8O392lWmFy+Kgp08pooLtJ
0unL4JUGkmuD03JgvwPgtSj5hDWvw5p76h3i8IZtzD2N22FT0GZUw9z2mOW8JEY4
V6/hyNM5UVthMFJQwo57s3p/VncY6iXDK6kwmD0zWPT0s9ppnq14oBXV+gDWKhRD
nJQM6bK3YILlmV8Z4CaQnkMHKlhaG0N3LMEqnwB1npcyzbZjvPpNbXrAxu2xvwiI
j6BjIoBRup8=
=GwNS
-----END PGP SIGNATURE-----