]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f2ccf56) | patch
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)
authorRoss Burton <ross.burton@intel.com>
Wed, 13 Sep 2017 19:11:52 +0000 (20:11 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 13 Sep 2017 21:13:34 +0000 (22:13 +0100)
commit7351e0b260876b9bbc8660c2bb4173ab4c130f8b
tree3740581518d0d21433e4164ec27ec8471a8b4fb4tree | snapshot
parentf2ccf56778433ec16f44eecaa10a610a6630df50commit | diff
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/bluez5/bluez5.inc diff | blob | history
meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch [new file with mode: 0644] blob
Mirror of the official openembedded-core repository