ALSA-2025:4043

[ALSA-2025:4043] Moderate: bluez security update

Type:

security

Severity:

moderate

Release date:

2025-04-22

Description:

The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files.   

Security Fix(es):  

  * BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)
  * bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	bluez-libs-devel-5.63-5.el8_10.alma.1.aarch64.rpm	1730f8d10c75af4b40af291fd0f38c3445f0515a770afc23d2bb51f1fa06c043
aarch64	bluez-cups-5.63-5.el8_10.alma.1.aarch64.rpm	2bd4b2356c9c25c5f1386aaa53cee54ec2f6580ee9de7ecb156144d49bacd505
i686	bluez-libs-devel-5.63-5.el8_10.alma.1.i686.rpm	f5a7c10f3ea928dd2a1c560bb258edbc9855e36427611d33608d876b97da0e0d
ppc64le	bluez-libs-devel-5.63-5.el8_10.alma.1.ppc64le.rpm	24f9b8b9ddc61c7c36dce7e35ec49690b2fa67993879b4a3755ff0e588f14c79
ppc64le	bluez-cups-5.63-5.el8_10.alma.1.ppc64le.rpm	41e7a866d27099f003f7aad2251bb6dd57a235426b3aa9b1fa59cbbf867abd27
s390x	bluez-cups-5.63-5.el8_10.alma.1.s390x.rpm	4d8aab815d3f4b069b43cf53345f25a3fd38f9dd868cb132ea7ade5403ec7479
s390x	bluez-libs-devel-5.63-5.el8_10.alma.1.s390x.rpm	a9fbba206704adef41acf03dd1fb1e7c00080b8e302ec7d959d8d48c348ea594
x86_64	bluez-libs-devel-5.63-5.el8_10.alma.1.x86_64.rpm	b73202e40fca10cb07f4a0200aef248565633bb24f648c3f24a5240a72720e5a
x86_64	bluez-cups-5.63-5.el8_10.alma.1.x86_64.rpm	e723f4e5a97ee57a1ab2edc477b3bbb5b60202c06caa64ee25d4a51f4db1302e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.