[CLSA-2025:1755113613] bluez: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2025-08-13 19:33:37 UTC
Description:
- CVE-2023-50229: fix heap-based buffer overflow vulnerability in handling Phone Book Access profile by adding proper validation of user-supplied data length before copying to buffer - CVE-2023-50230: fix heap-based buffer overflow vulnerability in Phone Book Access profile to prevent arbitrary code execution by validating user-supplied data length before copying to buffer
Updated packages:
  • bluez-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:67ee1f7ebfc83186e55bbffbe90aeb18edc82dc732738683de1e01c89f5dd749
  • bluez-cups-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:b4ea55b5043ce74899355664e8389df8d3aee0962894eb4ed2d5e0e61f6f053b
  • bluez-hid2hci-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:b9c96615f37cf4a825e147e843999474409a6ddf352a5aa05d2d3feb59f1212e
  • bluez-libs-5.64-2.el9.tuxcare.els2.i686.rpm
    sha:97d2fb0b27be11fa003b903da59a2f0818676787bd3f4a5b17ba56fa0e537eaf
  • bluez-libs-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:73018d6c2f380e97b00dac45d4fa0908dc4e8f27933d2b9177597e38394549c8
  • bluez-libs-devel-5.64-2.el9.tuxcare.els2.i686.rpm
    sha:a6d8035af4249b823c9216fac90dcdf276ccb3b95473a645f4b718b49f1de5d1
  • bluez-libs-devel-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:f5b654408bffa1bff81eed4058c2bba18817c0063b39c213c35e30b229620cb6
  • bluez-mesh-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:cdd08d65d228d7f31f5ac6fa9859a08a307c3708e3db69a93b9e5160612fe54a
  • bluez-obexd-5.64-2.el9.tuxcare.els2.x86_64.rpm
    sha:995e8a1a7647f921f14c30cd9b8327556e9e8486a5a785fb4dd7c715a16d8d30
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.