+++ This bug was initially created as a clone of Bug #30556 +++
Ubuntu has issued an advisory on June 15:
https://ubuntu.com/security/notices/USN-5481-1
The issues are fixed upstream in 5.60.
Debian-LTS has issued an advisory for this today (October 24):
https://www.debian.org/lts/security/2022/dla-3157
We already included three of the four commits in Bug 30556, but there was an additional commit in 5.61 for this:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37
and there are now CVEs for this.
There's also CVE-2016-9803, which was apparently never fixed upstream, so we can fix that too since SUSE has a fix: https://lists.suse.com/pipermail/sle-security-updates/2022-October/012661.html
For Mga8, I added the missing commit in SVN. I cannot find, for the moment, the patch for CVE-2016-9803.
https://build.opensuse.org/package/view_file/SUSE:SLE-12-SP5:Update/bluez/tools-Fix-memory-leak.patch?expand=1
Thanks for the link! After trying to apply the patch, either on Cauldron or on Mga8, I got the error saying that the patch was already applied. Reading the code confirms the fact that the code already contains the fix for CVE-2016-9803.
Suggested advisory:
========================
The updated packages add one additional fix for security vulnerabilities.
References:
https://ubuntu.com/security/notices/USN-5481-1
https://www.debian.org/lts/security/2022/dla-3157
========================
Updated packages in core/updates_testing:
========================
bluez-5.55-3.7.mga8
bluez-cups-5.55-3.7.mga8
bluez-hid2hci-5.55-3.7.mga8
bluez-mesh-5.55-3.7.mga8
lib(64)bluez3-5.55-3.7.mga8
lib(64)bluez-devel-5.55-3.7.mga8
from SRPM:
bluez-5.55-3.7.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
This laptop should have a working bluetooth (Broadcom wifi), but I can't get it to work. bluetoothd runs, but
# bluetoothctl
Waiting to connect to bluetoothd...
and Godot is still not there.....
Giving up for others with a working setup. Here no other impact on the system.
CC: (none) => herman.viaene
mga8, x64
Updated these without issues.
# systemctl restart bluetooth
Used the blueman icon to restore the connection to a bluetooth speaker. pavucontrol to configure the audio connection and all was well. It is not always this easy but seems to be OK this time.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 5.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0411.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED