Security update for bluez SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2810-1 Final 1 1 2017-10-20T12:59:02Z current 2017-10-20T12:59:02Z 2017-10-20T12:59:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following vulnerabilities: * CVE-2016-7837: Buffer overflow in parse_line function (bsc#1026652) * CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req (bsc#1057342) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-10/msg00069.html E-Mail link for openSUSE-SU-2017:2810-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 bluez-5.41-6.1 bluez-cups-5.41-6.1 bluez-devel-5.41-6.1 bluez-devel-32bit-5.41-6.1 bluez-test-5.41-6.1 libbluetooth3-5.41-6.1 libbluetooth3-32bit-5.41-6.1 bluez-5.41-6.1 as a component of openSUSE Leap 42.2 bluez-cups-5.41-6.1 as a component of openSUSE Leap 42.2 bluez-devel-5.41-6.1 as a component of openSUSE Leap 42.2 bluez-devel-32bit-5.41-6.1 as a component of openSUSE Leap 42.2 bluez-test-5.41-6.1 as a component of openSUSE Leap 42.2 libbluetooth3-5.41-6.1 as a component of openSUSE Leap 42.2 libbluetooth3-32bit-5.41-6.1 as a component of openSUSE Leap 42.2 bluez-5.41-6.1 as a component of openSUSE Leap 42.3 bluez-cups-5.41-6.1 as a component of openSUSE Leap 42.3 bluez-devel-5.41-6.1 as a component of openSUSE Leap 42.3 bluez-devel-32bit-5.41-6.1 as a component of openSUSE Leap 42.3 bluez-test-5.41-6.1 as a component of openSUSE Leap 42.3 libbluetooth3-5.41-6.1 as a component of openSUSE Leap 42.3 libbluetooth3-32bit-5.41-6.1 as a component of openSUSE Leap 42.3 Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. CVE-2016-7837 openSUSE Leap 42.2:bluez-5.41-6.1 openSUSE Leap 42.2:bluez-cups-5.41-6.1 openSUSE Leap 42.2:bluez-devel-32bit-5.41-6.1 openSUSE Leap 42.2:bluez-devel-5.41-6.1 openSUSE Leap 42.2:bluez-test-5.41-6.1 openSUSE Leap 42.2:libbluetooth3-32bit-5.41-6.1 openSUSE Leap 42.2:libbluetooth3-5.41-6.1 openSUSE Leap 42.3:bluez-5.41-6.1 openSUSE Leap 42.3:bluez-cups-5.41-6.1 openSUSE Leap 42.3:bluez-devel-32bit-5.41-6.1 openSUSE Leap 42.3:bluez-devel-5.41-6.1 openSUSE Leap 42.3:bluez-test-5.41-6.1 openSUSE Leap 42.3:libbluetooth3-32bit-5.41-6.1 openSUSE Leap 42.3:libbluetooth3-5.41-6.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00069.html https://www.suse.com/security/cve/CVE-2016-7837.html CVE-2016-7837 https://bugzilla.suse.com/1026652 SUSE Bug 1026652 All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. CVE-2017-1000250 openSUSE Leap 42.2:bluez-5.41-6.1 openSUSE Leap 42.2:bluez-cups-5.41-6.1 openSUSE Leap 42.2:bluez-devel-32bit-5.41-6.1 openSUSE Leap 42.2:bluez-devel-5.41-6.1 openSUSE Leap 42.2:bluez-test-5.41-6.1 openSUSE Leap 42.2:libbluetooth3-32bit-5.41-6.1 openSUSE Leap 42.2:libbluetooth3-5.41-6.1 openSUSE Leap 42.3:bluez-5.41-6.1 openSUSE Leap 42.3:bluez-cups-5.41-6.1 openSUSE Leap 42.3:bluez-devel-32bit-5.41-6.1 openSUSE Leap 42.3:bluez-devel-5.41-6.1 openSUSE Leap 42.3:bluez-test-5.41-6.1 openSUSE Leap 42.3:libbluetooth3-32bit-5.41-6.1 openSUSE Leap 42.3:libbluetooth3-5.41-6.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-10/msg00069.html https://www.suse.com/security/cve/CVE-2017-1000250.html CVE-2017-1000250 https://bugzilla.suse.com/1057342 SUSE Bug 1057342