Lucene search

Gentoo FoundationMGASA-2020-0419

HistoryNov 14, 2020 - 12:20 a.m.

Updated bluez packages fix a security vulnerability

2020-11-1400:20:36

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.05 Low

EPSS

Percentile

92.9%

JSON

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchbluez< 5.54-1.1bluez-5.54-1.1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	bluez	< 5.54-1.1	bluez-5.54-1.1.mga7

References

bugs.mageia.org/show_bug.cgi?id=27486

lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html

lists.suse.com/pipermail/sle-security-updates/2020-October/007623.html

www.debian.org/lts/security/2020/dla-2410

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for MGASA-2020-0419