[ALSA-2024:9413] Moderate: bluez security update
Type: security
Severity: moderate
Release date: 2024-11-18
Description:
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files.

Security Fix(es):

* bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)
* BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)
* bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-51596)
* bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)
* bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability (CVE-2023-51592)
* bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)
* bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability (CVE-2023-51580)
* bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)
* bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50230)
* bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50229)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 bluez-cups-5.72-2.el9.aarch64.rpm 275be23d9f3e388622c50fc116afecca3c6ed5cba7c557255e308258823db365
aarch64 bluez-5.72-2.el9.aarch64.rpm 562045017360d672f5de87ab0fcedbe6389f30dad28950c0b664981b46dae84b
aarch64 bluez-obexd-5.72-2.el9.aarch64.rpm 7dff731e4c5efbba291e700e236069d3e20cc7d020c91b79661ca4fa3d60cce0
aarch64 bluez-libs-5.72-2.el9.aarch64.rpm a9d53198b7b4489526b9395bb91caf143ce1354028d67350dec5c2cbd1e9b728
aarch64 bluez-libs-devel-5.72-2.el9.aarch64.rpm ae673a31906e3049f6a8fc42b3a33d2de142d991071648594b3df5dc0da456e3
i686 bluez-libs-devel-5.72-2.el9.i686.rpm 1615e55af77bc355f30465e8b9484c6849d271e13343aa6c643e60ae2ab1872a
i686 bluez-libs-5.72-2.el9.i686.rpm af1aba8e6fa5ccf33032d58a3acc59368c07d532293396db205fb9a4bc1241ae
ppc64le bluez-libs-5.72-2.el9.ppc64le.rpm a4f4f1ad901265a650dfbe89fdc39cdbe479136b9cf56d825d0d21458a3d7669
ppc64le bluez-libs-devel-5.72-2.el9.ppc64le.rpm ccb0b4cb67f1a35c31f3a3fb206f477fc83801ad4417fb43ca7c835ab79c836c
ppc64le bluez-obexd-5.72-2.el9.ppc64le.rpm e303d670df0ba42d1484e137cfa3380aef22da69808302b06deb9e9eb1312516
ppc64le bluez-cups-5.72-2.el9.ppc64le.rpm f9fa131fb538d7f49c4eae50776a67eef0594844fabbbb49aaa4b13b5bea6618
ppc64le bluez-5.72-2.el9.ppc64le.rpm fbff38dbcb11e753f50438c599570c36a4acdd82f4ef419a417044ac858adb9a
s390x bluez-cups-5.72-2.el9.s390x.rpm 04019ef1918796570ce4b2d33a4de9f0c1137115bc12f68633fffe02d29ccf13
s390x bluez-libs-5.72-2.el9.s390x.rpm 423179783b8d7a93cb80e6733c71f39587684c6e00494faec86ae38b48cce422
s390x bluez-5.72-2.el9.s390x.rpm 69e123adbbe8a36fb8e9e171a3995e26cbcf0bf5ca96adc41b908c5b1629bcc3
s390x bluez-libs-devel-5.72-2.el9.s390x.rpm 76ddbac006ca360de5c0aee9d3b32f358b2fe39c9e34c127f6639cb6bd6dc9d4
x86_64 bluez-obexd-5.72-2.el9.x86_64.rpm 00535aaa1598a3ff873e586f311eee9641d21517d6e5f5c475e9c89877415bd5
x86_64 bluez-libs-devel-5.72-2.el9.x86_64.rpm 2e092ba6b9d929bc5c915835700b0c34cfb3c7be99ff0474c21be527d5da3571
x86_64 bluez-libs-5.72-2.el9.x86_64.rpm 49c273813b4616240acdae8dae893192658c7541482f9bbb2c46dfe19b61877d
x86_64 bluez-cups-5.72-2.el9.x86_64.rpm 650473d95b8559c20731f6b770302deefa570ce705ff8731690668e2497f8f03
x86_64 bluez-5.72-2.el9.x86_64.rpm aadf82f9fa8186e964f44017fcffa79ccfdba1a57b87ed23bb540bdb9c5c96f7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.