[ubuntu/eoan-security] bluez 5.50-0ubuntu5.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Mar 30 14:13:46 UTC 2020
bluez (5.50-0ubuntu5.1) eoan-security; urgency=medium
* SECURITY UPDATE: privilege escalation via improper access control
- debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
bonded devices in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
connections only in profiles/input/device.c, profiles/input/device.h,
profiles/input/input.conf, profiles/input/manager.c.
- debian/patches/CVE-2020-0556-3.patch: attempt to set security level
if not bonded in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
input.conf in profiles/input/device.h, profiles/input/hog.c,
profiles/input/input.conf, profiles/input/manager.c.
- CVE-2020-0556
Date: 2020-03-23 13:28:16.612684+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Bluetooth <ubuntu-bluetooth at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bluez/5.50-0ubuntu5.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list