[SECURITY] [DLA 2410-1] bluez security update

2020-10-2115:52:09

lists.debian.org

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.7%

JSON

Debian LTS Advisory DLA-2410-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
October 21, 2020 https://wiki.debian.org/LTS

Package : bluez
Version : 5.43-2+deb9u3
CVE ID : CVE-2020-27153

It was discovered that there was a double-free vulnerability in
bluez, a suite of Bluetooth tools, utilities and daemons.

For Debian 9 "Stretch", this problem has been fixed in version
5.43-2+deb9u3.

We recommend that you upgrade your bluez packages.

For the detailed security status of bluez please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bluez

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10armhfbluez-cups-dbgsym< 5.50-1.2~deb10u2bluez-cups-dbgsym_5.50-1.2~deb10u2_armhf.deb
Debian9arm64libbluetooth3-dbg< 5.43-2+deb9u3libbluetooth3-dbg_5.43-2+deb9u3_arm64.deb
Debian9i386bluez-test-tools< 5.43-2+deb9u3bluez-test-tools_5.43-2+deb9u3_i386.deb
Debian10armelbluez< 5.50-1.2~deb10u2bluez_5.50-1.2~deb10u2_armel.deb
Debian9armelbluez-cups< 5.43-2+deb9u3bluez-cups_5.43-2+deb9u3_armel.deb
Debian9amd64libbluetooth-dev< 5.43-2+deb9u3libbluetooth-dev_5.43-2+deb9u3_amd64.deb
Debian10i386bluez-cups-dbgsym< 5.50-1.2~deb10u2bluez-cups-dbgsym_5.50-1.2~deb10u2_i386.deb
Debian10armhflibbluetooth3< 5.50-1.2~deb10u2libbluetooth3_5.50-1.2~deb10u2_armhf.deb
Debian9armhflibbluetooth-dev< 5.43-2+deb9u3libbluetooth-dev_5.43-2+deb9u3_armhf.deb
Debian10i386bluez-obexd-dbgsym< 5.50-1.2~deb10u2bluez-obexd-dbgsym_5.50-1.2~deb10u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	bluez-cups-dbgsym	< 5.50-1.2~deb10u2	bluez-cups-dbgsym_5.50-1.2~deb10u2_armhf.deb
Debian	9	arm64	libbluetooth3-dbg	< 5.43-2+deb9u3	libbluetooth3-dbg_5.43-2+deb9u3_arm64.deb
Debian	9	i386	bluez-test-tools	< 5.43-2+deb9u3	bluez-test-tools_5.43-2+deb9u3_i386.deb
Debian	10	armel	bluez	< 5.50-1.2~deb10u2	bluez_5.50-1.2~deb10u2_armel.deb
Debian	9	armel	bluez-cups	< 5.43-2+deb9u3	bluez-cups_5.43-2+deb9u3_armel.deb
Debian	9	amd64	libbluetooth-dev	< 5.43-2+deb9u3	libbluetooth-dev_5.43-2+deb9u3_amd64.deb
Debian	10	i386	bluez-cups-dbgsym	< 5.50-1.2~deb10u2	bluez-cups-dbgsym_5.50-1.2~deb10u2_i386.deb
Debian	10	armhf	libbluetooth3	< 5.50-1.2~deb10u2	libbluetooth3_5.50-1.2~deb10u2_armhf.deb
Debian	9	armhf	libbluetooth-dev	< 5.43-2+deb9u3	libbluetooth-dev_5.43-2+deb9u3_armhf.deb
Debian	10	i386	bluez-obexd-dbgsym	< 5.50-1.2~deb10u2	bluez-obexd-dbgsym_5.50-1.2~deb10u2_i386.deb