|
|
Subscribe / Log in / New account

BleedingTooth: critical kernel Bluetooth vulnerability

BleedingTooth: critical kernel Bluetooth vulnerability

Posted Oct 19, 2020 15:37 UTC (Mon) by bluss (guest, #47454)
In reply to: BleedingTooth: critical kernel Bluetooth vulnerability by h2g2bob
Parent article: BleedingTooth: critical kernel Bluetooth vulnerability

There today https://lists.debian.org/debian-security-announce/2020/ms...

to post comments

BleedingTooth: critical kernel Bluetooth vulnerability

Posted Oct 19, 2020 21:11 UTC (Mon) by wx (guest, #103979) [Link] (2 responses)

Am I correct in thinking that this only updates to 4.19.152 without further patches? If that is the case then this does not include the fix for the fix (https://lore.kernel.org/linux-bluetooth/20201016180956.70...) discussed above.

Neither another fix (https://lore.kernel.org/linux-bluetooth/20201016180956.70...) also referred to above.

BleedingTooth: critical kernel Bluetooth vulnerability

Posted Oct 20, 2020 8:44 UTC (Tue) by bluss (guest, #47454) [Link] (1 responses)

That the debian changelog link here doesn't work for non-standard updates (like security and NMU) is really quite strange and unhelpful. https://packages.debian.org/source/buster/linux

I looked at the diff and from what I can see, yes, the rsp.id = req->id being overwritten, is still an issue in 4.19.152-1

BleedingTooth: critical kernel Bluetooth vulnerability

Posted Oct 20, 2020 15:39 UTC (Tue) by pabs (subscriber, #43278) [Link]

The bug about security changelogs is here, seems unlikely to get fixed any time soon:

https://bugs.debian.org/490848


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds