It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556)
It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7837)
{ "availability": "No subscription required", "binaries": [ { "libbluetooth3": "5.37-0ubuntu5.3", "bluez-dbgsym": "5.37-0ubuntu5.3", "bluez-hcidump": "5.37-0ubuntu5.3", "bluez-hcidump-dbgsym": "5.37-0ubuntu5.3", "bluez-obexd-dbgsym": "5.37-0ubuntu5.3", "bluez-cups-dbgsym": "5.37-0ubuntu5.3", "bluez-dbg": "5.37-0ubuntu5.3", "libbluetooth-dev": "5.37-0ubuntu5.3", "bluetooth": "5.37-0ubuntu5.3", "libbluetooth3-dbgsym": "5.37-0ubuntu5.3", "bluez-tests-dbgsym": "5.37-0ubuntu5.3", "bluez-cups": "5.37-0ubuntu5.3", "bluez-tests": "5.37-0ubuntu5.3", "libbluetooth-dev-dbgsym": "5.37-0ubuntu5.3", "libbluetooth3-dbg": "5.37-0ubuntu5.3", "bluez": "5.37-0ubuntu5.3", "bluez-obexd": "5.37-0ubuntu5.3" } ] }
{ "availability": "No subscription required", "binaries": [ { "libbluetooth3": "5.48-0ubuntu3.4", "bluetooth": "5.48-0ubuntu3.4", "bluez-hcidump": "5.48-0ubuntu3.4", "bluez-cups": "5.48-0ubuntu3.4", "bluez-tests": "5.48-0ubuntu3.4", "libbluetooth3-dbg": "5.48-0ubuntu3.4", "bluez-dbg": "5.48-0ubuntu3.4", "libbluetooth-dev": "5.48-0ubuntu3.4", "bluez": "5.48-0ubuntu3.4", "bluez-obexd": "5.48-0ubuntu3.4" } ] }