Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2020-0556: bluez: Improper access control may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | | |
| Priority: | P3 - Medium | CC: | carlos.lopez, smash_bz |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/254874/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2020-0556:6.3:(AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Robert Frohl
2020-03-16 10:53:01 UTC
These codestreams seem affected:
- SUSE:SLE-12:Update
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-15:Update

unsure, but the access control seems to be missing too:
- SUSE:SLE-11-SP1:Update
- SUSE:SLE-11-SP3:Update
- SUSE:SLE-11-SP4:Update

patches:
- https://patchwork.kernel.org/patch/11428317/
- https://patchwork.kernel.org/patch/11428319/

discussion of patches:
- https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/

sr:
SLE15:Update - 214089
SLE15-SP2:Update - 214090

(In reply to Robert Frohl from comment #1)
> These codestreams seem affected:
> - SUSE:SLE-12:Update
> - SUSE:SLE-12-SP2:Update
> - SUSE:SLE-15:Update
>

SLE-12 and SLE-12-SP2 work in progress.

> unsure, but the access control seems to be missing too:
> - SUSE:SLE-11-SP1:Update
> - SUSE:SLE-11-SP3:Update
> - SUSE:SLE-11-SP4:Update
>

Will check status ASAP.

> patches:
> - https://patchwork.kernel.org/patch/11428317/
> - https://patchwork.kernel.org/patch/11428319/
>
> discussion of patches:
> - https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/

(In reply to Al Cho from comment #2)
> sr:
> SLE15:Update - 214089
> SLE15-SP2:Update - 214090
>

revoke these two because there are

commit f2778f5877d20696d68a452b26e4accb91bfb19e (HEAD -> master, origin/master, origin/HEAD)
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed Mar 11 11:43:21 2020 -0700

    input: Add LEAutoSecurity setting to input.conf

    LEAutoSecurity can be used to enable/disable automatic upgrades of security for LE devices, by default it is enabled so existing devices that did not require security and were not bonded will automatically upgrade the security.

    Note: Platforms disabling this setting would require users to manually bond the device which may require changes to the user interface to always force bonding for input devices as APIs such as Device.Connect will no longer work which maybe perceived as a regression.

commit 35d8d895cd0b724e58129374beb0bb4a2edf9519
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue Mar 10 09:59:07 2020 -0700

    input: hog: Attempt to set security level if not bonded

    This attempts to set the security if the device is not bonded, the kernel will block any communication on the ATT socket while bumping the security and if that fails the device will be disconnected which is better than having the device dangling around without being able to communicate with it until it is properly bonded.

for this issue, will also apply to fix.

> (In reply to Robert Frohl from comment #1)
> > These codestreams seem affected:
> > - SUSE:SLE-12:Update
> > - SUSE:SLE-12-SP2:Update
> > - SUSE:SLE-15:Update
> >
>
> SLE-12 and SLE-12-SP2 work in progress.
>
> > unsure, but the access control seems to be missing too:
> > - SUSE:SLE-11-SP1:Update
> > - SUSE:SLE-11-SP3:Update
> > - SUSE:SLE-11-SP4:Update
> >
>
> Will check status ASAP.
>
> > patches:
> > - https://patchwork.kernel.org/patch/11428317/
> > - https://patchwork.kernel.org/patch/11428319/
> >
> > discussion of patches:
> > - https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/

(In reply to Robert Frohl from comment #1)
> These codestreams seem affected:
> - SUSE:SLE-12:Update
> - SUSE:SLE-12-SP2:Update
> - SUSE:SLE-15:Update

For completeness sake: openSUSE:Factory is also affected

sr
SLE-15:update - 214154
Base:System - 786108

> unsure, but the access control seems to be missing too:
> - SUSE:SLE-11-SP1:Update
> - SUSE:SLE-11-SP3:Update
> - SUSE:SLE-11-SP4:Update

We don't support HOG (HID over GATT) Profile before bluez-5.0.

> These codestreams seem affected:
> - SUSE:SLE-12:Update
> - SUSE:SLE-12-SP2:Update

WIP.

(In reply to Robert Frohl from comment #5)
> (In reply to Robert Frohl from comment #1)
> > These codestreams seem affected:
> > - SUSE:SLE-12:Update
> > - SUSE:SLE-12-SP2:Update
> > - SUSE:SLE-15:Update
>
> For completeness sake: openSUSE:Factory is also affected

yes, already submitrequest to OBS (Base:System), it will push to openSUSE:Factory.

SUSE-SU-2020:0918-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1166751
CVE References: CVE-2020-0556
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src): bluez-5.48-5.25.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): bluez-5.48-5.25.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): bluez-5.48-5.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): bluez-5.48-5.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:0479-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1166751
CVE References: CVE-2020-0556
Sources used:
openSUSE Leap 15.1 (src): bluez-5.48-lp151.8.12.1

sr
SLE-12:update - 218765

(In reply to Al Cho from comment #6)
> sr
> SLE-15:update - 214154
> Base:System - 786108
>
> > unsure, but the access control seems to be missing too:
> > - SUSE:SLE-11-SP1:Update
> > - SUSE:SLE-11-SP3:Update
> > - SUSE:SLE-11-SP4:Update
>
> We don't support HOG (HID over GATT) Profile before bluez-5.0.
>
> > These codestreams seem affected:
> > - SUSE:SLE-12:Update
> > - SUSE:SLE-12-SP2:Update
>
> WIP.
>
> (In reply to Robert Frohl from comment #5)
> > (In reply to Robert Frohl from comment #1)
> > > These codestreams seem affected:
> > > - SUSE:SLE-12:Update
> > > - SUSE:SLE-12-SP2:Update
> > > - SUSE:SLE-15:Update
> >
> > For completeness sake: openSUSE:Factory is also affected
>
> yes, already submitrequest to OBS (Base:System), it will push to openSUSE:Factory.

This is an autogenerated message for OBS integration:
This bug (1166751) was mentioned in
https://build.opensuse.org/request/show/816925 15.2 / bluez

openSUSE-SU-2020:0872-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1166751
CVE References: CVE-2020-0556
Sources used:
openSUSE Leap 15.2 (src): bluez-5.48-lp152.12.3.1

SUSE-SU-2020:3034-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1166751,1177895
CVE References: CVE-2020-0556,CVE-2020-27153
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): bluez-5.48-13.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): bluez-5.48-13.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): bluez-5.48-13.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2020:3516-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1166751
CVE References: CVE-2020-0556
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): bluez-5.13-5.23.1
SUSE OpenStack Cloud Crowbar 8 (src): bluez-5.13-5.23.1
SUSE OpenStack Cloud 9 (src): bluez-5.13-5.23.1
SUSE OpenStack Cloud 8 (src): bluez-5.13-5.23.1
SUSE OpenStack Cloud 7 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP5 (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): bluez-5.13-5.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): bluez-5.13-5.23.1
SUSE Enterprise Storage 5 (src): bluez-5.13-5.23.1
HPE Helion Openstack 8 (src): bluez-5.13-5.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Done, closing.