Security update for bluez SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0168-1 Final 1 1 2023-01-26T17:29:32Z current 2023-01-26T17:29:32Z 2023-01-26T17:29:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information (bsc#1203121). - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service (bsc#1203120). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-168,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-168,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-168,SUSE-SLE-Product-RT-15-SP3-2023-168,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-168,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-168,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-168,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-168,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-168,SUSE-Storage-7.1-2023-168 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230168-1/ Link for SUSE-SU-2023:0168-1 https://lists.suse.com/pipermail/sle-security-updates/2023-January/013543.html E-Mail link for SUSE-SU-2023:0168-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203120 SUSE Bug 1203120 https://bugzilla.suse.com/1203121 SUSE Bug 1203121 https://www.suse.com/security/cve/CVE-2022-39176/ SUSE CVE CVE-2022-39176 page https://www.suse.com/security/cve/CVE-2022-39177/ SUSE CVE CVE-2022-39177 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 bluez-5.55-150300.3.19.1 bluez-auto-enable-devices-5.55-150300.3.19.1 bluez-cups-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 bluez-devel-32bit-5.55-150300.3.19.1 bluez-devel-64bit-5.55-150300.3.19.1 bluez-test-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-32bit-5.55-150300.3.19.1 libbluetooth3-64bit-5.55-150300.3.19.1 bluez-5.55-150300.3.19.1 as a component of SUSE Enterprise Storage 7.1 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Enterprise Storage 7.1 bluez-devel-5.55-150300.3.19.1 as a component of SUSE Enterprise Storage 7.1 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Enterprise Storage 7.1 bluez-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS bluez-devel-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS bluez-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS bluez-devel-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS bluez-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 bluez-devel-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 bluez-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS bluez-devel-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS bluez-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 bluez-devel-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 bluez-5.55-150300.3.19.1 as a component of SUSE Manager Proxy 4.2 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Manager Proxy 4.2 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Manager Proxy 4.2 bluez-5.55-150300.3.19.1 as a component of SUSE Manager Retail Branch Server 4.2 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Manager Retail Branch Server 4.2 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Manager Retail Branch Server 4.2 bluez-5.55-150300.3.19.1 as a component of SUSE Manager Server 4.2 bluez-deprecated-5.55-150300.3.19.1 as a component of SUSE Manager Server 4.2 libbluetooth3-5.55-150300.3.19.1 as a component of SUSE Manager Server 4.2 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. CVE-2022-39176 SUSE Enterprise Storage 7.1:bluez-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:bluez-deprecated-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:bluez-devel-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Server 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Server 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Server 4.2:libbluetooth3-5.55-150300.3.19.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230168-1/ https://www.suse.com/security/cve/CVE-2022-39176.html CVE-2022-39176 https://bugzilla.suse.com/1203121 SUSE Bug 1203121 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. CVE-2022-39177 SUSE Enterprise Storage 7.1:bluez-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:bluez-deprecated-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:bluez-devel-5.55-150300.3.19.1 SUSE Enterprise Storage 7.1:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Real Time 15 SP3:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Server 15 SP3-LTSS:libbluetooth3-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-deprecated-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:bluez-devel-5.55-150300.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Proxy 4.2:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Retail Branch Server 4.2:libbluetooth3-5.55-150300.3.19.1 SUSE Manager Server 4.2:bluez-5.55-150300.3.19.1 SUSE Manager Server 4.2:bluez-deprecated-5.55-150300.3.19.1 SUSE Manager Server 4.2:libbluetooth3-5.55-150300.3.19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230168-1/ https://www.suse.com/security/cve/CVE-2022-39177.html CVE-2022-39177 https://bugzilla.suse.com/1203120 SUSE Bug 1203120