File _patchinfo of Package patchinfo.25900

<patchinfo incident="25900">
  <issue tracker="bnc" id="1186463">VUL-0: CVE-2021-0129,CVE-2020-26558: kernel-source, bluez: vulnerabilities with bluetooth subsystem (INTEL-SA-00517)</issue>
  <issue tracker="bnc" id="1193237">VUL-0: CVE-2019-8921: bluez: information leak in service_attr_req() in sdpd-request.c via a crafted CSTATE</issue>
  <issue tracker="bnc" id="1193227">VUL-0: CVE-2019-8922: bluez: heap-based buffer overflow via crafted request</issue>
  <issue tracker="bnc" id="1188859">VUL-0: CVE-2021-3658: bluez: adapter incorrectly restores Discoverable state after powered down</issue>
  <issue tracker="bnc" id="1192394">VUL-0: CVE-2021-43400: bluez: use-after-free in gatt-database.c</issue>
  <issue tracker="cve" id="2020-26558"/>
  <issue tracker="cve" id="2021-0129"/>
  <issue tracker="cve" id="2019-8921"/>
  <issue tracker="cve" id="2019-8922"/>
  <issue tracker="cve" id="2021-3658"/>
  <issue tracker="cve" id="2021-43400"/>
  <packager>joeyli</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for bluez</summary>
  <description>This update for bluez fixes the following issues:

- CVE-2021-0129: Fixed improper access control (bsc#1186463).
- CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463).
- CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237).
- CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227).
- CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after being powered down (bsc#1188859).
- CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394).

</description>
</patchinfo>