CLSA-2025-1763031616

CVE-2023-27349: fix crash while handling unsupported events in avrcp
CVE-2023-44431: fix Stack-based buffer overflow and remote code execution vulnerability
CVE-2023-45866: restrict HID connections to avoid unauthorized input injection
CVE-2023-50229: fix heap-based buffer overflow vulnerability in handling Phone Book Access profile by adding proper validation of user-supplied data length before copying to buffer
CVE-2023-50230: fix heap-based buffer overflow vulnerability in Phone Book Access profile to prevent arbitrary code execution by validating user-supplied data length before copying to buffer
CVE-2023-51580: validate AVRCP attribute list data to prevent out-of-bounds reads and information disclosure
CVE-2023-51589: validate AVRCP media element data to prevent out-of-bounds reads and information disclosure
CVE-2023-51592: validate AVRCP media folder data to prevent out-of-bounds reads and information disclosure
CVE-2023-51594: validate OBEX protocol parameters to prevent out-of-bounds reads and information disclosure
CVE-2023-51596: validate PBAP data length to prevent heap overflow and remote code execution

References

https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1763031616.html

Affected packages

TuxCare:AlmaLinux:9.2

bluez

Package

Name: bluez
Purl: pkg:rpm/tuxcare/bluez?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-cups

Package

Name: bluez-cups
Purl: pkg:rpm/tuxcare/bluez-cups?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-hid2hci

Package

Name: bluez-hid2hci
Purl: pkg:rpm/tuxcare/bluez-hid2hci?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-libs

Package

Name: bluez-libs
Purl: pkg:rpm/tuxcare/bluez-libs?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-libs-devel

Package

Name: bluez-libs-devel
Purl: pkg:rpm/tuxcare/bluez-libs-devel?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-mesh

Package

Name: bluez-mesh
Purl: pkg:rpm/tuxcare/bluez-mesh?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"

bluez-obexd

Package

Name: bluez-obexd
Purl: pkg:rpm/tuxcare/bluez-obexd?distro=almalinux-9.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.72-4.el9.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763031616.json"