Bug 27486 - bluez new security issue CVE-2020-27153
Summary: bluez new security issue CVE-2020-27153
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-10-29 16:54 CET by David Walser
Modified: 2020-11-13 22:22 CET

See Also:
Source RPM: bluez-5.54-1.mga7.src.rpm
CVE: CVE-2020-27153
Status comment:


Description David Walser 2020-10-29 16:54:53 CET
Debian-LTS has issued an advisory on October 21:
https://www.debian.org/lts/security/2020/dla-2410

The issue is fixed upstream in 5.55.
David Walser 2020-10-29 16:55:02 CET

CC: (none) => nicolas.salguero

Comment 1 David Walser 2020-10-29 16:55:53 CET
If there's a fix for Bug 27314, we'd want to include that too.

Assignee: bugsquad => shlomif

Comment 2 David Walser 2020-10-29 17:22:36 CET
SUSE has issued an advisory for this on October 26:
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007623.html

Comment 3 David Walser 2020-11-11 00:49:14 CET
openSUSE has issued an advisory for this on November 9:
https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html

Comment 4 Nicolas Salguero 2020-11-13 09:19:07 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153
https://www.debian.org/lts/security/2020/dla-2410
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007623.html
https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00036.html
========================

Updated packages in core/updates_testing:
========================
bluez-5.54-1.1.mga7
bluez-cups-5.54-1.1.mga7
bluez-hid2hci-5.54-1.1.mga7
lib(64)bluez3-5.54-1.1.mga7
lib(64)bluez-devel-5.54-1.1.mga7

from SRPM:
bluez-5.54-1.1.mga7.src.rpm

Status: NEW => ASSIGNED
CVE: (none) => CVE-2020-27153
Assignee: shlomif => qa-bugs

Comment 5 Aurelien Oudelet 2020-11-13 18:16:48 CET
Mageia 7 Plasma x86_64
This update installs:
bluez-5.54-1.1.mga7
bluez-cups-5.54-1.1.mga7
bluez-hid2hci-5.54-1.1.mga7
lib(64)bluez3-5.54-1.1.mga7

Installation OK.
Reboot is fine.
Using a Bluetooth Headphone is OK:
Unpairing it then Pairing it are OK.
Playing some music through this device is OK.

Pairing smartphone is OK.
M7 system plays sounds from my Xiaomi Smartphone while receiving notifications.
Audio phone calls through Bluetooth are OK too.

MGA7-64-OK
Validating this update. Packages and Advisory in Comment 4.
Advisory pushed to SVN.

(In reply to David Walser from comment #1)
> If there's a fix for Bug 27314, we'd want to include that too.
Reported upstream for Bluez 5.55.
https://github.com/bluez/bluez/issues/51

CC: (none) => ouaurelien, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_update

Comment 6 Mageia Robot 2020-11-13 22:22:11 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0419.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

