SUSE-SU-2019:1339-1

Details

This update for bluez fixes the following issues:

Security vulnerability addressed:

CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708).
CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712).
CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171).
CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893).
CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173)

Affected Packages

bluez

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

5.13-5.12.1

bluez-cups

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Workstation Extension 12 SP3SUSE Linux Enterprise Workstation Extension 12 SP4

Fixed in:

5.13-5.12.1

libbluetooth3

SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP3SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP3

Fixed in:

5.13-5.12.1

bluez-devel

SUSE Linux Enterprise Software Development Kit 12 SP3SUSE Linux Enterprise Software Development Kit 12 SP4

Fixed in:

5.13-5.12.1

References

REPORT

https://bugzilla.suse.com/1013708

REPORT

https://bugzilla.suse.com/1013712

REPORT