Security update for bluez SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2900-1 Final 1 1 2022-08-25T18:36:02Z current 2022-08-25T18:36:02Z 2022-08-25T18:36:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-2900,SUSE-OpenStack-Cloud-9-2022-2900,SUSE-OpenStack-Cloud-Crowbar-9-2022-2900,SUSE-SLE-SAP-12-SP4-2022-2900,SUSE-SLE-SDK-12-SP5-2022-2900,SUSE-SLE-SERVER-12-SP2-BCL-2022-2900,SUSE-SLE-SERVER-12-SP3-BCL-2022-2900,SUSE-SLE-SERVER-12-SP4-LTSS-2022-2900,SUSE-SLE-SERVER-12-SP5-2022-2900,SUSE-SLE-WE-12-SP5-2022-2900 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222900-1/ Link for SUSE-SU-2022:2900-1 https://lists.suse.com/pipermail/sle-security-updates/2022-August/011994.html E-Mail link for SUSE-SU-2022:2900-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1193227 SUSE Bug 1193227 https://www.suse.com/security/cve/CVE-2019-8922/ SUSE CVE CVE-2019-8922 page SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 bluez-5.13-5.26.1 bluez-cups-5.13-5.26.1 bluez-devel-5.13-5.26.1 bluez-devel-32bit-5.13-5.26.1 bluez-devel-64bit-5.13-5.26.1 bluez-test-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-32bit-5.13-5.26.1 libbluetooth3-64bit-5.13-5.26.1 bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 bluez-5.13-5.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libbluetooth3-5.13-5.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 bluez-devel-5.13-5.26.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 bluez-cups-5.13-5.26.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 bluez-5.13-5.26.1 as a component of SUSE OpenStack Cloud 9 libbluetooth3-5.13-5.26.1 as a component of SUSE OpenStack Cloud 9 bluez-5.13-5.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 libbluetooth3-5.13-5.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. CVE-2019-8922 SUSE Linux Enterprise Server 12 SP2-BCL:bluez-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP2-BCL:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP3-BCL:bluez-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP3-BCL:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP4-LTSS:bluez-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP5:bluez-5.13-5.26.1 SUSE Linux Enterprise Server 12 SP5:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:bluez-5.13-5.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:bluez-5.13-5.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libbluetooth3-5.13-5.26.1 SUSE Linux Enterprise Software Development Kit 12 SP5:bluez-devel-5.13-5.26.1 SUSE Linux Enterprise Workstation Extension 12 SP5:bluez-cups-5.13-5.26.1 SUSE OpenStack Cloud 9:bluez-5.13-5.26.1 SUSE OpenStack Cloud 9:libbluetooth3-5.13-5.26.1 SUSE OpenStack Cloud Crowbar 9:bluez-5.13-5.26.1 SUSE OpenStack Cloud Crowbar 9:libbluetooth3-5.13-5.26.1 important 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222900-1/ https://www.suse.com/security/cve/CVE-2019-8922.html CVE-2019-8922 https://bugzilla.suse.com/1193227 SUSE Bug 1193227