Debian-LTS has issued an advisory on October 21:
The issue is fixed upstream in 5.55.
If there's a fix for Bug 27314, we'd want to include that too.
SUSE has issued an advisory for this on October 26:
openSUSE has issued an advisory for this on November 9:
The updated packages fix a security vulnerability:
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)
Updated packages in core/updates_testing:
Mageia 7 Plasma x86_64
This update installs:
Reboot is fine.
Using a Bluetooth Headphone is OK:
Unpairing it then Pairing it are OK.
Play some music through this device is OK.
Pairing smartphone is OK.
M7 system plays sounds from my Xiaomi Smartphone while receiving notifications.
Audio phone calls through Bluetooth is OK too.
Validating this update. Packages and Advisory in Comment 4.
Advisory pushed to SVN.
(In reply to David Walser from comment #1)
> If there's a fix for Bug 27314, we'd want to include that too.
Reported upstream for Bluez 5.55.
An update for this issue has been pushed to the Mageia Updates repository.