Security update for bluez SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:0918-1 Final 1 1 2020-04-03T13:10:40Z current 2020-04-03T13:10:40Z 2020-04-03T13:10:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following issues: - CVE-2020-0556: Fixed an improper access control which could have allowed an unauthenticated user to potentially enable escalation of privilege and denial of service (bsc#1166751). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-918,SUSE-SLE-Module-Basesystem-15-SP1-2020-918,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-918,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-918,SUSE-SLE-Product-WE-15-SP1-2020-918 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20200918-1/ Link for SUSE-SU-2020:0918-1 https://lists.suse.com/pipermail/sle-security-updates/2020-April/006674.html E-Mail link for SUSE-SU-2020:0918-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1166751 SUSE Bug 1166751 https://www.suse.com/security/cve/CVE-2020-0556/ SUSE CVE CVE-2020-0556 page SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP1 bluez-5.48-5.25.1 bluez-auto-enable-devices-5.48-5.25.1 bluez-cups-5.48-5.25.1 bluez-devel-5.48-5.25.1 bluez-devel-32bit-5.48-5.25.1 bluez-devel-64bit-5.48-5.25.1 bluez-test-5.48-5.25.1 libbluetooth3-5.48-5.25.1 libbluetooth3-32bit-5.48-5.25.1 libbluetooth3-64bit-5.48-5.25.1 libbluetooth3-5.48-5.25.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 bluez-5.48-5.25.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 bluez-devel-5.48-5.25.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 bluez-cups-5.48-5.25.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0556 SUSE Linux Enterprise Module for Basesystem 15 SP1:libbluetooth3-5.48-5.25.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:bluez-5.48-5.25.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:bluez-devel-5.48-5.25.1 SUSE Linux Enterprise Workstation Extension 15 SP1:bluez-cups-5.48-5.25.1 moderate 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20200918-1/ https://www.suse.com/security/cve/CVE-2020-0556.html CVE-2020-0556 https://bugzilla.suse.com/1166751 SUSE Bug 1166751