]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b835e9b) | patch
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)
authorRoss Burton <ross.burton@intel.com>
Thu, 14 Sep 2017 12:27:53 +0000 (13:27 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 10 Oct 2017 16:26:26 +0000 (17:26 +0100)
commit8878d599cbc48b700f393d94657fe39db06fd533
tree7a4b5ab1c0584f55dbc4d7e686b908499bbe7c6ftree | snapshot
parentb835e9bf9da6ebc8fd5728b4587470e9a57d5966commit | diff
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-connectivity/bluez5/bluez5.inc diff | blob | history
meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch [new file with mode: 0644] blob
Mirror of the official openembedded-core repository