Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-7837 (GCVE-0-2016-7837)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI?
EPSS
Summary
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlueZ Project | BlueZ |
Affected:
5.41 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#38755305",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95067"
},
{
"name": "USN-4311-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4311-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlueZ",
"vendor": "BlueZ Project",
"versions": [
{
"status": "affected",
"version": "5.41 and earlier"
}
]
}
],
"datePublic": "2016-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T23:06:04",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#38755305",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95067"
},
{
"name": "USN-4311-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4311-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_value": "5.41 and earlier"
}
]
}
}
]
},
"vendor_name": "BlueZ Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38755305",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95067"
},
{
"name": "USN-4311-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4311-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7837",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.41\", \"matchCriteriaId\": \"72A099E5-13B3-49FB-9DD9-801BD11156BC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.\"}, {\"lang\": \"es\", \"value\": \"Ddesbordamiento de b\\u00fafer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de la funci\\u00f3n parse_line utilizada en algunas utilidades de userland.\"}]",
"id": "CVE-2016-7837",
"lastModified": "2024-11-21T02:58:34.187",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-06-09T16:29:01.297",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/95067\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN38755305/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://usn.ubuntu.com/4311-1/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://www.securityfocus.com/bid/95067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN38755305/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://usn.ubuntu.com/4311-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7837\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-06-09T16:29:01.297\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.\"},{\"lang\":\"es\",\"value\":\"Ddesbordamiento de b\u00fafer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n parse_line utilizada en algunas utilidades de userland.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.41\",\"matchCriteriaId\":\"72A099E5-13B3-49FB-9DD9-801BD11156BC\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95067\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN38755305/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://usn.ubuntu.com/4311-1/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://www.securityfocus.com/bid/95067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN38755305/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://usn.ubuntu.com/4311-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2016-13102
Vulnerability from cnvd - Published: 2016-12-26
VLAI Severity ?
Title
BlueZ本地缓冲区溢出漏洞
Description
BlueZ是一套官方的Linux蓝牙协议栈。
BlueZ 5.41及之前的版本中存在本地缓冲区溢出漏洞。攻击者可利用该漏洞造成受影响应用程序崩溃,导致拒绝服务或执行任意代码。
Severity
中
Patch Name
BlueZ本地缓冲区溢出漏洞的补丁
Patch Description
BlueZ是一套官方的Linux蓝牙协议栈。
BlueZ 5.41及之前的版本中存在本地缓冲区溢出漏洞。攻击者可利用该漏洞造成受影响应用程序崩溃,导致拒绝服务或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www.bluez.org/release-of-bluez-5-42/
Reference
http://www.securityfocus.com/bid/95067
Impacted products
| Name | Bluez Bluez <=5.41 |
|---|
{
"bids": {
"bid": {
"bidNumber": "95067"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-7837"
}
},
"description": "BlueZ\u662f\u4e00\u5957\u5b98\u65b9\u7684Linux\u84dd\u7259\u534f\u8bae\u6808\u3002\r\n\r\nBlueZ 5.41\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Hiroki MATSUKUMA of Cyber Defense Institute, Inc.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.bluez.org/release-of-bluez-5-42/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-13102",
"openTime": "2016-12-26",
"patchDescription": "BlueZ\u662f\u4e00\u5957\u5b98\u65b9\u7684Linux\u84dd\u7259\u534f\u8bae\u6808\u3002\r\n\r\nBlueZ 5.41\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "BlueZ\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Bluez Bluez \u003c=5.41"
},
"referenceLink": "http://www.securityfocus.com/bid/95067",
"serverity": "\u4e2d",
"submitTime": "2016-12-23",
"title": "BlueZ\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
JVNDB-2016-000247
Vulnerability from jvndb - Published: 2016-12-22 14:26 - Updated:2017-11-27 16:47
Severity ?
Summary
BlueZ userland utilities vulnerable to buffer overflow
Details
BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities.
parse_line() function used in some userland utilities contains a buffer overflow vulnerability.
Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000247.html",
"dc:date": "2017-11-27T16:47+09:00",
"dcterms:issued": "2016-12-22T14:26+09:00",
"dcterms:modified": "2017-11-27T16:47+09:00",
"description": "BlueZ provides a Bluetooth protocol stack for Linux kernel and userland utilities.\r\nparse_line() function used in some userland utilities contains a buffer overflow vulnerability.\r\n\r\nHiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000247.html",
"sec:cpe": {
"#text": "cpe:/a:bluez:bluez",
"@product": "BlueZ",
"@vendor": "BlueZ Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "4.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000247",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN38755305/index.html",
"@id": "JVN#38755305",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7837",
"@id": "CVE-2016-7837",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7837",
"@id": "CVE-2016-7837",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "BlueZ userland utilities vulnerable to buffer overflow"
}
GHSA-RQRX-F2RH-M32Q
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-20 03:38
VLAI?
Details
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-7837"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-09T16:29:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
"id": "GHSA-rqrx-f2rh-m32q",
"modified": "2025-04-20T03:38:48Z",
"published": "2022-05-13T01:27:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7837"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4311-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95067"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-7837
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-7837",
"description": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
"id": "GSD-2016-7837",
"references": [
"https://www.suse.com/security/cve/CVE-2016-7837.html",
"https://ubuntu.com/security/CVE-2016-7837",
"https://advisories.mageia.org/CVE-2016-7837.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7837"
],
"details": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
"id": "GSD-2016-7837",
"modified": "2023-12-13T01:21:20.454134Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_value": "5.41 and earlier"
}
]
}
}
]
},
"vendor_name": "BlueZ Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38755305",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95067"
},
{
"name": "USN-4311-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4311-1/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.41",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7837"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38755305",
"refsource": "JVN",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95067"
},
{
"name": "USN-4311-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4311-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-04-03T00:15Z",
"publishedDate": "2017-06-09T16:29Z"
}
}
}
SUSE-SU-2018:1778-1
Vulnerability from csaf_suse - Published: 2018-06-21 08:41 - Updated: 2018-06-21 08:41Summary
Security update for bluez
Notes
Title of the patch
Security update for bluez
Description of the patch
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).
- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).
- CVE-2016-7837: Fix possible buffer overflow, make sure we don't write past the end of the array (bsc#1026652).
- CVE-2017-1000250: Fix information disclosure vulnerability in service_search_attr_req (bsc#1057342).
Patchnames
SUSE-SLE-DESKTOP-12-SP3-2018-1194,SUSE-SLE-SDK-12-SP3-2018-1194,SUSE-SLE-SERVER-12-SP3-2018-1194,SUSE-SLE-WE-12-SP3-2018-1194
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bluez",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bluez fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).\n- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).\n- CVE-2016-7837: Fix possible buffer overflow, make sure we don\u0027t write past the end of the array (bsc#1026652).\n- CVE-2017-1000250: Fix information disclosure vulnerability in service_search_attr_req (bsc#1057342).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-1194,SUSE-SLE-SDK-12-SP3-2018-1194,SUSE-SLE-SERVER-12-SP3-2018-1194,SUSE-SLE-WE-12-SP3-2018-1194",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1778-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1778-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181778-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1778-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004212.html"
},
{
"category": "self",
"summary": "SUSE Bug 1013721",
"url": "https://bugzilla.suse.com/1013721"
},
{
"category": "self",
"summary": "SUSE Bug 1013877",
"url": "https://bugzilla.suse.com/1013877"
},
{
"category": "self",
"summary": "SUSE Bug 1026652",
"url": "https://bugzilla.suse.com/1026652"
},
{
"category": "self",
"summary": "SUSE Bug 1057342",
"url": "https://bugzilla.suse.com/1057342"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7837 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9804 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000250 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000250/"
}
],
"title": "Security update for bluez",
"tracking": {
"current_release_date": "2018-06-21T08:41:05Z",
"generator": {
"date": "2018-06-21T08:41:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1778-1",
"initial_release_date": "2018-06-21T08:41:05Z",
"revision_history": [
{
"date": "2018-06-21T08:41:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bluez-devel-5.13-5.4.1.aarch64",
"product": {
"name": "bluez-devel-5.13-5.4.1.aarch64",
"product_id": "bluez-devel-5.13-5.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "bluez-5.13-5.4.1.aarch64",
"product": {
"name": "bluez-5.13-5.4.1.aarch64",
"product_id": "bluez-5.13-5.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-5.4.1.aarch64",
"product": {
"name": "libbluetooth3-5.13-5.4.1.aarch64",
"product_id": "libbluetooth3-5.13-5.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-devel-5.13-5.4.1.ppc64le",
"product": {
"name": "bluez-devel-5.13-5.4.1.ppc64le",
"product_id": "bluez-devel-5.13-5.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bluez-5.13-5.4.1.ppc64le",
"product": {
"name": "bluez-5.13-5.4.1.ppc64le",
"product_id": "bluez-5.13-5.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-5.4.1.ppc64le",
"product": {
"name": "libbluetooth3-5.13-5.4.1.ppc64le",
"product_id": "libbluetooth3-5.13-5.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-devel-5.13-5.4.1.s390x",
"product": {
"name": "bluez-devel-5.13-5.4.1.s390x",
"product_id": "bluez-devel-5.13-5.4.1.s390x"
}
},
{
"category": "product_version",
"name": "bluez-5.13-5.4.1.s390x",
"product": {
"name": "bluez-5.13-5.4.1.s390x",
"product_id": "bluez-5.13-5.4.1.s390x"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-5.4.1.s390x",
"product": {
"name": "libbluetooth3-5.13-5.4.1.s390x",
"product_id": "libbluetooth3-5.13-5.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-5.4.1.x86_64",
"product": {
"name": "bluez-5.13-5.4.1.x86_64",
"product_id": "bluez-5.13-5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-5.4.1.x86_64",
"product": {
"name": "bluez-cups-5.13-5.4.1.x86_64",
"product_id": "bluez-cups-5.13-5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-5.4.1.x86_64",
"product": {
"name": "libbluetooth3-5.13-5.4.1.x86_64",
"product_id": "libbluetooth3-5.13-5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-5.4.1.x86_64",
"product": {
"name": "bluez-devel-5.13-5.4.1.x86_64",
"product_id": "bluez-devel-5.13-5.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-cups-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-cups-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-devel-5.13-5.4.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64"
},
"product_reference": "bluez-devel-5.13-5.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-devel-5.13-5.4.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le"
},
"product_reference": "bluez-devel-5.13-5.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-devel-5.13-5.4.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x"
},
"product_reference": "bluez-devel-5.13-5.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-devel-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-devel-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64"
},
"product_reference": "bluez-5.13-5.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le"
},
"product_reference": "bluez-5.13-5.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x"
},
"product_reference": "bluez-5.13-5.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64"
},
"product_reference": "libbluetooth3-5.13-5.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le"
},
"product_reference": "libbluetooth3-5.13-5.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x"
},
"product_reference": "libbluetooth3-5.13-5.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64"
},
"product_reference": "bluez-5.13-5.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le"
},
"product_reference": "bluez-5.13-5.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x"
},
"product_reference": "bluez-5.13-5.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64"
},
"product_reference": "libbluetooth3-5.13-5.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le"
},
"product_reference": "libbluetooth3-5.13-5.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x"
},
"product_reference": "libbluetooth3-5.13-5.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-cups-5.13-5.4.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
},
"product_reference": "bluez-cups-5.13-5.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7837"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7837",
"url": "https://www.suse.com/security/cve/CVE-2016-7837"
},
{
"category": "external",
"summary": "SUSE Bug 1026652 for CVE-2016-7837",
"url": "https://bugzilla.suse.com/1026652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-21T08:41:05Z",
"details": "moderate"
}
],
"title": "CVE-2016-7837"
},
{
"cve": "CVE-2016-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9800"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9800",
"url": "https://www.suse.com/security/cve/CVE-2016-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1013721 for CVE-2016-9800",
"url": "https://bugzilla.suse.com/1013721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-21T08:41:05Z",
"details": "low"
}
],
"title": "CVE-2016-9800"
},
{
"cve": "CVE-2016-9804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9804"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm-\u003eptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9804",
"url": "https://www.suse.com/security/cve/CVE-2016-9804"
},
{
"category": "external",
"summary": "SUSE Bug 1013877 for CVE-2016-9804",
"url": "https://bugzilla.suse.com/1013877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-21T08:41:05Z",
"details": "moderate"
}
],
"title": "CVE-2016-9804"
},
{
"cve": "CVE-2017-1000250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000250"
}
],
"notes": [
{
"category": "general",
"text": "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000250",
"url": "https://www.suse.com/security/cve/CVE-2017-1000250"
},
{
"category": "external",
"summary": "SUSE Bug 1057342 for CVE-2017-1000250",
"url": "https://bugzilla.suse.com/1057342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:bluez-cups-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:bluez-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libbluetooth3-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:bluez-devel-5.13-5.4.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:bluez-cups-5.13-5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-06-21T08:41:05Z",
"details": "low"
}
],
"title": "CVE-2017-1000250"
}
]
}
SUSE-SU-2019:0510-1
Vulnerability from csaf_suse - Published: 2019-02-28 08:53 - Updated: 2019-02-28 08:53Summary
Security update for bluez
Notes
Title of the patch
Security update for bluez
Description of the patch
This update for bluez fixes the following issues:
Security issues fixed:
- CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array.(bsc#1026652)
- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).
- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732)
- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).
- CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173)
- CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)
Patchnames
SUSE-2019-510,SUSE-SLE-SAP-12-SP1-2019-510,SUSE-SLE-SERVER-12-2019-510,SUSE-SLE-SERVER-12-SP1-2019-510
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bluez",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bluez fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-7837: Fixed possible buffer overflow, make sure we don\u0027t write past the end of the array.(bsc#1026652)\n- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).\n- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732)\n- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).\n- CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173)\n- CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-510,SUSE-SLE-SAP-12-SP1-2019-510,SUSE-SLE-SERVER-12-2019-510,SUSE-SLE-SERVER-12-SP1-2019-510",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0510-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0510-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190510-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0510-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005161.html"
},
{
"category": "self",
"summary": "SUSE Bug 1013721",
"url": "https://bugzilla.suse.com/1013721"
},
{
"category": "self",
"summary": "SUSE Bug 1013732",
"url": "https://bugzilla.suse.com/1013732"
},
{
"category": "self",
"summary": "SUSE Bug 1013877",
"url": "https://bugzilla.suse.com/1013877"
},
{
"category": "self",
"summary": "SUSE Bug 1015173",
"url": "https://bugzilla.suse.com/1015173"
},
{
"category": "self",
"summary": "SUSE Bug 1026652",
"url": "https://bugzilla.suse.com/1026652"
},
{
"category": "self",
"summary": "SUSE Bug 1057342",
"url": "https://bugzilla.suse.com/1057342"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7837 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9801 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9804 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9918 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000250 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000250/"
}
],
"title": "Security update for bluez",
"tracking": {
"current_release_date": "2019-02-28T08:53:14Z",
"generator": {
"date": "2019-02-28T08:53:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0510-1",
"initial_release_date": "2019-02-28T08:53:14Z",
"revision_history": [
{
"date": "2019-02-28T08:53:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.aarch64",
"product": {
"name": "bluez-5.13-3.10.1.aarch64",
"product_id": "bluez-5.13-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.aarch64",
"product": {
"name": "bluez-cups-5.13-3.10.1.aarch64",
"product_id": "bluez-cups-5.13-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.aarch64",
"product": {
"name": "bluez-devel-5.13-3.10.1.aarch64",
"product_id": "bluez-devel-5.13-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.aarch64",
"product": {
"name": "bluez-test-5.13-3.10.1.aarch64",
"product_id": "bluez-test-5.13-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.aarch64",
"product": {
"name": "libbluetooth3-5.13-3.10.1.aarch64",
"product_id": "libbluetooth3-5.13-3.10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32",
"product": {
"name": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32",
"product_id": "bluez-devel-64bit-5.13-3.10.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32",
"product": {
"name": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32",
"product_id": "libbluetooth3-64bit-5.13-3.10.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.i586",
"product": {
"name": "bluez-5.13-3.10.1.i586",
"product_id": "bluez-5.13-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.i586",
"product": {
"name": "bluez-cups-5.13-3.10.1.i586",
"product_id": "bluez-cups-5.13-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.i586",
"product": {
"name": "bluez-devel-5.13-3.10.1.i586",
"product_id": "bluez-devel-5.13-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.i586",
"product": {
"name": "bluez-test-5.13-3.10.1.i586",
"product_id": "bluez-test-5.13-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.i586",
"product": {
"name": "libbluetooth3-5.13-3.10.1.i586",
"product_id": "libbluetooth3-5.13-3.10.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.ppc64le",
"product": {
"name": "bluez-5.13-3.10.1.ppc64le",
"product_id": "bluez-5.13-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.ppc64le",
"product": {
"name": "bluez-cups-5.13-3.10.1.ppc64le",
"product_id": "bluez-cups-5.13-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.ppc64le",
"product": {
"name": "bluez-devel-5.13-3.10.1.ppc64le",
"product_id": "bluez-devel-5.13-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.ppc64le",
"product": {
"name": "bluez-test-5.13-3.10.1.ppc64le",
"product_id": "bluez-test-5.13-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.ppc64le",
"product": {
"name": "libbluetooth3-5.13-3.10.1.ppc64le",
"product_id": "libbluetooth3-5.13-3.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.s390",
"product": {
"name": "bluez-5.13-3.10.1.s390",
"product_id": "bluez-5.13-3.10.1.s390"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.s390",
"product": {
"name": "bluez-cups-5.13-3.10.1.s390",
"product_id": "bluez-cups-5.13-3.10.1.s390"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.s390",
"product": {
"name": "bluez-devel-5.13-3.10.1.s390",
"product_id": "bluez-devel-5.13-3.10.1.s390"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.s390",
"product": {
"name": "bluez-test-5.13-3.10.1.s390",
"product_id": "bluez-test-5.13-3.10.1.s390"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.s390",
"product": {
"name": "libbluetooth3-5.13-3.10.1.s390",
"product_id": "libbluetooth3-5.13-3.10.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.s390x",
"product": {
"name": "bluez-5.13-3.10.1.s390x",
"product_id": "bluez-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.s390x",
"product": {
"name": "bluez-cups-5.13-3.10.1.s390x",
"product_id": "bluez-cups-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.s390x",
"product": {
"name": "bluez-devel-5.13-3.10.1.s390x",
"product_id": "bluez-devel-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "bluez-devel-32bit-5.13-3.10.1.s390x",
"product": {
"name": "bluez-devel-32bit-5.13-3.10.1.s390x",
"product_id": "bluez-devel-32bit-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.s390x",
"product": {
"name": "bluez-test-5.13-3.10.1.s390x",
"product_id": "bluez-test-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.s390x",
"product": {
"name": "libbluetooth3-5.13-3.10.1.s390x",
"product_id": "libbluetooth3-5.13-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "libbluetooth3-32bit-5.13-3.10.1.s390x",
"product": {
"name": "libbluetooth3-32bit-5.13-3.10.1.s390x",
"product_id": "libbluetooth3-32bit-5.13-3.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bluez-5.13-3.10.1.x86_64",
"product": {
"name": "bluez-5.13-3.10.1.x86_64",
"product_id": "bluez-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-cups-5.13-3.10.1.x86_64",
"product": {
"name": "bluez-cups-5.13-3.10.1.x86_64",
"product_id": "bluez-cups-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-devel-5.13-3.10.1.x86_64",
"product": {
"name": "bluez-devel-5.13-3.10.1.x86_64",
"product_id": "bluez-devel-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-devel-32bit-5.13-3.10.1.x86_64",
"product": {
"name": "bluez-devel-32bit-5.13-3.10.1.x86_64",
"product_id": "bluez-devel-32bit-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "bluez-test-5.13-3.10.1.x86_64",
"product": {
"name": "bluez-test-5.13-3.10.1.x86_64",
"product_id": "bluez-test-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbluetooth3-5.13-3.10.1.x86_64",
"product": {
"name": "libbluetooth3-5.13-3.10.1.x86_64",
"product_id": "libbluetooth3-5.13-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libbluetooth3-32bit-5.13-3.10.1.x86_64",
"product": {
"name": "libbluetooth3-32bit-5.13-3.10.1.x86_64",
"product_id": "libbluetooth3-32bit-5.13-3.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le"
},
"product_reference": "bluez-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64"
},
"product_reference": "bluez-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le"
},
"product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le"
},
"product_reference": "bluez-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x"
},
"product_reference": "bluez-5.13-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64"
},
"product_reference": "bluez-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le"
},
"product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x"
},
"product_reference": "libbluetooth3-5.13-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le"
},
"product_reference": "bluez-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x"
},
"product_reference": "bluez-5.13-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bluez-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64"
},
"product_reference": "bluez-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le"
},
"product_reference": "libbluetooth3-5.13-3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x"
},
"product_reference": "libbluetooth3-5.13-3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libbluetooth3-5.13-3.10.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64"
},
"product_reference": "libbluetooth3-5.13-3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7837"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7837",
"url": "https://www.suse.com/security/cve/CVE-2016-7837"
},
{
"category": "external",
"summary": "SUSE Bug 1026652 for CVE-2016-7837",
"url": "https://bugzilla.suse.com/1026652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "moderate"
}
],
"title": "CVE-2016-7837"
},
{
"cve": "CVE-2016-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9800"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9800",
"url": "https://www.suse.com/security/cve/CVE-2016-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1013721 for CVE-2016-9800",
"url": "https://bugzilla.suse.com/1013721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "low"
}
],
"title": "CVE-2016-9800"
},
{
"cve": "CVE-2016-9801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9801"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9801",
"url": "https://www.suse.com/security/cve/CVE-2016-9801"
},
{
"category": "external",
"summary": "SUSE Bug 1013732 for CVE-2016-9801",
"url": "https://bugzilla.suse.com/1013732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "low"
}
],
"title": "CVE-2016-9801"
},
{
"cve": "CVE-2016-9804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9804"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm-\u003eptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9804",
"url": "https://www.suse.com/security/cve/CVE-2016-9804"
},
{
"category": "external",
"summary": "SUSE Bug 1013877 for CVE-2016-9804",
"url": "https://bugzilla.suse.com/1013877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "moderate"
}
],
"title": "CVE-2016-9804"
},
{
"cve": "CVE-2016-9918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9918"
}
],
"notes": [
{
"category": "general",
"text": "In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9918",
"url": "https://www.suse.com/security/cve/CVE-2016-9918"
},
{
"category": "external",
"summary": "SUSE Bug 1013893 for CVE-2016-9918",
"url": "https://bugzilla.suse.com/1013893"
},
{
"category": "external",
"summary": "SUSE Bug 1015173 for CVE-2016-9918",
"url": "https://bugzilla.suse.com/1015173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "moderate"
}
],
"title": "CVE-2016-9918"
},
{
"cve": "CVE-2017-1000250",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000250"
}
],
"notes": [
{
"category": "general",
"text": "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000250",
"url": "https://www.suse.com/security/cve/CVE-2017-1000250"
},
{
"category": "external",
"summary": "SUSE Bug 1057342 for CVE-2017-1000250",
"url": "https://bugzilla.suse.com/1057342"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:libbluetooth3-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:bluez-5.13-3.10.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:libbluetooth3-5.13-3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-28T08:53:14Z",
"details": "low"
}
],
"title": "CVE-2017-1000250"
}
]
}
FKIE_CVE-2016-7837
Vulnerability from fkie_nvd - Published: 2017-06-09 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/95067 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN38755305/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://usn.ubuntu.com/4311-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95067 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN38755305/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4311-1/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72A099E5-13B3-49FB-9DD9-801BD11156BC",
"versionEndIncluding": "5.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
},
{
"lang": "es",
"value": "Ddesbordamiento de b\u00fafer en BlueZ 5.41 y versiones anteriores, permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n parse_line utilizada en algunas utilidades de userland."
}
],
"id": "CVE-2016-7837",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:01.297",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95067"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://usn.ubuntu.com/4311-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4311-1/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…