Security update for bluez SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:0841-1 Final 1 1 2019-04-02T11:15:00Z current 2019-04-02T11:15:00Z 2019-04-02T11:15:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following issues: Security issue fixed: - CVE-2016-9918: Fixed a out-of-bound read in the packet_hexdump function (bsc#1015173) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-841,SUSE-SLE-Module-Basesystem-15-2019-841,SUSE-SLE-Module-Desktop-Applications-15-2019-841,SUSE-SLE-Module-Development-Tools-OBS-15-2019-841,SUSE-SLE-Product-WE-15-2019-841 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20190841-1/ Link for SUSE-SU-2019:0841-1 https://lists.suse.com/pipermail/sle-security-updates/2019-April/005283.html E-Mail link for SUSE-SU-2019:0841-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1015173 SUSE Bug 1015173 https://www.suse.com/security/cve/CVE-2016-9918/ SUSE CVE CVE-2016-9918 page SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Workstation Extension 15 bluez-5.48-5.13.10 bluez-auto-enable-devices-5.48-5.13.10 bluez-cups-5.48-5.13.10 bluez-devel-5.48-5.13.10 bluez-devel-32bit-5.48-5.13.10 bluez-devel-64bit-5.48-5.13.10 bluez-test-5.48-5.13.10 libbluetooth3-5.48-5.13.10 libbluetooth3-32bit-5.48-5.13.10 libbluetooth3-64bit-5.48-5.13.10 libbluetooth3-5.48-5.13.10 as a component of SUSE Linux Enterprise Module for Basesystem 15 bluez-5.48-5.13.10 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 bluez-devel-5.48-5.13.10 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 bluez-cups-5.48-5.13.10 as a component of SUSE Linux Enterprise Workstation Extension 15 In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. CVE-2016-9918 SUSE Linux Enterprise Module for Basesystem 15:libbluetooth3-5.48-5.13.10 SUSE Linux Enterprise Module for Desktop Applications 15:bluez-5.48-5.13.10 SUSE Linux Enterprise Module for Desktop Applications 15:bluez-devel-5.48-5.13.10 SUSE Linux Enterprise Workstation Extension 15:bluez-cups-5.48-5.13.10 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190841-1/ https://www.suse.com/security/cve/CVE-2016-9918.html CVE-2016-9918 https://bugzilla.suse.com/1013893 SUSE Bug 1013893 https://bugzilla.suse.com/1015173 SUSE Bug 1015173