ELA-1177-1 bluez security update

multiple vulnerabilities

2024-09-07
Package bluez
Version 5.43-2+deb9u8 (stretch), 5.50-1.2~deb10u6 (buster)
Related CVEs CVE-2023-27349 CVE-2023-50229 CVE-2023-50230


Multiple vulnerabilities have been fixed in bluez, a library, tools and daemons for using Bluetooth devices.

CVE-2023-27349 (stretch)

AVRCP crash while handling unsupported events

CVE-2023-50229

Phone Book Access profile Heap-based Buffer Overflow

CVE-2023-50230

Phone Book Access profile Heap-based Buffer Overflow


For Debian 10 buster, these problems have been fixed in version 5.50-1.2~deb10u6.

For Debian 9 stretch, these problems have been fixed in version 5.43-2+deb9u8.

We recommend that you upgrade your bluez packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.