Ubuntu Security Notice USN-6809-1

Ubuntu Security Notice USN-6809-1: Posted Jun 6, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6809-1 - It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that BlueZ could be made to write out of bounds. If a user were tricked into connecting to a malicious device, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.; tags | advisory, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-3563, CVE-2023-27349; SHA-256 | d43f51bf18d2d4aa027adb5ecbad8acd3cd09a226784864c4ded58b63f7148a4; Download | Favorite | View

Ubuntu Security Notice USN-6809-1

==========================================================================
Ubuntu Security Notice USN-6809-1
June 05, 2024

bluez vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in BlueZ.

Software Description:
- bluez: Bluetooth tools and daemons

Details:

It was discovered that BlueZ could be made to dereference invalid memory.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3563)

It was discovered that BlueZ could be made to write out of bounds. If a
user were tricked into connecting to a malicious device, an attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2023-27349)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   bluez                           5.64-0ubuntu1.3
   bluez-tests                     5.64-0ubuntu1.3
   libbluetooth3                   5.64-0ubuntu1.3

Ubuntu 20.04 LTS
   bluez                           5.53-0ubuntu3.8
   libbluetooth3                   5.53-0ubuntu3.8

Ubuntu 18.04 LTS
   bluez                           5.48-0ubuntu3.9+esm2
                                   Available with Ubuntu Pro
   libbluetooth3                   5.48-0ubuntu3.9+esm2
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   bluez                           5.37-0ubuntu5.3+esm4
                                   Available with Ubuntu Pro
   libbluetooth3                   5.37-0ubuntu5.3+esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6809-1
   CVE-2022-3563, CVE-2023-27349

Package Information:
   https://launchpad.net/ubuntu/+source/bluez/5.64-0ubuntu1.3
   https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.8

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Ubuntu Security Notice USN-6809-1

Ubuntu Security Notice USN-6809-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6809-1

Share This

Ubuntu Security Notice USN-6809-1

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems