Updated bluez packages fix security vulnerabilities
Publication date: 26 Mar 2025
Modification date: 26 Mar 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-44431, CVE-2023-51580, CVE-2023-51589, CVE-2023-51592, CVE-2023-51594, CVE-2023-51596
Description
- BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-44431)
- BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51580)
- BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51589)
- BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51592)
- BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51594)
- BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-51596)
References
- https://bugs.mageia.org/show_bug.cgi?id=34123
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KKJVC5RPR5AMR4ZTMHWP7TATS4SY47/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51596
SRPMS
9/core
- bluez-5.80-1.mga9