|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2016-9801: bluez: buffer overflow in set_ext_ctrl() | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Matthias Gerstner <matthias.gerstner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P3 - Medium | CC: | atoptsoglou, matthias.gerstner, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/177094/ | ||
| Whiteboard: | CVSSv2:SUSE:CVE-2016-9801:1.2:(AV:L/AC:H/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2016-9801:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2016-9801:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVSSv3:RedHat:CVE-2016-9801:2.5:(AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv2:RedHat:CVE-2016-9801:1.2:(AV:L/AC:H/Au:N/C:N/I:N/A:P) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | 1013712 | ||
| Bug Blocks: | |||
| Attachments: | dump file to reproduce the issue | ||
|
Description
Matthias Gerstner
2016-12-05 17:20:15 UTC
Created attachment 704880 [details]
dump file to reproduce the issue
The affected code is only contained in SLE-12-* codestreams. QA reproducer: Using the attached dump file I was not able to show any symptoms of the issue. The best we can do is this: valgrind hcidump -a -r CVE-2016-9801 But as the discoverer of the bug states this bug only shows when the binary has been built with '-fsanitize=address'. valgrind only shows messages about undefined values, which may also be related to the issue but I'm not sure about it. bugbot adjusting priority SUSE-SU-2018:4188-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1013721,1013732 CVE References: CVE-2016-9800,CVE-2016-9801 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP4 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Workstation Extension 12-SP3 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Server 12-SP4 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Server 12-SP3 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Desktop 12-SP4 (src): bluez-5.13-5.7.1 SUSE Linux Enterprise Desktop 12-SP3 (src): bluez-5.13-5.7.1 SUSE-SU-2018:4189-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1013721,1013732 CVE References: CVE-2016-9800,CVE-2016-9801 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): bluez-5.48-5.8.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): bluez-5.48-5.8.1 SUSE Linux Enterprise Module for Desktop Applications 15 (src): bluez-5.48-5.8.1 SUSE Linux Enterprise Module for Basesystem 15 (src): bluez-5.48-5.8.1 openSUSE-SU-2018:4259-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1013721,1013732 CVE References: CVE-2016-9800,CVE-2016-9801 Sources used: openSUSE Leap 15.0 (src): bluez-5.48-lp150.4.6.1 SUSE-SU-2019:0510-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1013721,1013732,1013877,1015173,1026652,1057342 CVE References: CVE-2016-7837,CVE-2016-9800,CVE-2016-9801,CVE-2016-9804,CVE-2016-9918,CVE-2017-1000250 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): bluez-5.13-3.10.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): bluez-5.13-3.10.1 SUSE Linux Enterprise Server 12-LTSS (src): bluez-5.13-3.10.1 Done |