Operating System:

[Ubuntu]

Published:

09 December 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.4167
                      USN-5183-1: BlueZ vulnerability
                              9 December 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlueZ
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8922  

Reference:         ESB-2021.4011

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-5183-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-5183-1: BlueZ vulnerability
08 December 2021

BlueZ could be made to crash or run programs if it received specially
crafted traffic.

Releases

  o Ubuntu 18.04 LTS

Packages

  o bluez - Bluetooth tools and daemons

Details

Julian Rauchberger discovered that BlueZ incorrectly handled memory when
processing SDP attribute requests. A remote attacker could use this issue
to cause BlueZ to crash, leading to a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04

  o libbluetooth3 - 5.48-0ubuntu3.7
  o bluez - 5.48-0ubuntu3.7

In general, a standard system update will make all the necessary changes.

References

  o CVE-2019-8922

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----