===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.4167
                      USN-5183-1: BlueZ vulnerability
                              9 December 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlueZ
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8922

Reference:         ESB-2021.4011

Original Bulletin:
   https://ubuntu.com/security/notices/USN-5183-1

--------------------------BEGIN INCLUDED TEXT--------------------

USN-5183-1: BlueZ vulnerability

08 December 2021

BlueZ could be made to crash or run programs if it received specially
crafted traffic.

Releases

  o Ubuntu 18.04 LTS

Packages

  o bluez - Bluetooth tools and daemons

Details

Julian Rauchberger discovered that BlueZ incorrectly handled memory when
processing SDP attribute requests. A remote attacker could use this issue
to cause BlueZ to crash, leading to a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04

  o libbluetooth3 - 5.48-0ubuntu3.7
  o bluez - 5.48-0ubuntu3.7

In general, a standard system update will make all the necessary changes.

References

  o CVE-2019-8922

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
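
A host-audit sketch for the update instructions above, added here as an example and not part of the AusCERT or Ubuntu bulletin: it reimplements dpkg's version ordering in Python and flags bluez and libbluetooth3 packages older than the fixed versions the bulletin lists. The function names and the sample dpkg-query output are constructed for illustration.

```python
import re

# Fixed versions for Ubuntu 18.04 LTS, copied from the bulletin above.
FIXED = {"bluez": "5.48-0ubuntu3.7", "libbluetooth3": "5.48-0ubuntu3.7"}

def _order(c):
    """Sort weight: '~' < end of string < letters < other characters."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        for i in range(max(len(na), len(nb))):
            ca, cb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        ia, ib = int(da or 0), int(db or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, sep, rev = rest.rpartition("-")
        return int(epoch), (up if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_output):
    """Return (package, version) pairs installed below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return [(r[0], r[1]) for r in rows
            if len(r) == 2 and r[0] in FIXED and deb_cmp(r[1], FIXED[r[0]]) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """bluez 5.48-0ubuntu3.5
libbluetooth3 5.48-0ubuntu3.7
openssl 1.1.1-1ubuntu2.1~18.04.23
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

On a live Ubuntu 18.04 host, pass the output of `dpkg-query -W -f='${Package} ${Version}\n' bluez libbluetooth3` to `unpatched()`; where dpkg is installed, `dpkg --compare-versions` applies the same ordering.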