ELA-445-1 bluez security update

MiM attack and information disclosure

2021-06-27
Package: bluez
Version: 5.43-2+deb9u2~deb8u3
Related CVEs: CVE-2020-26558, CVE-2021-0129


Two issues have been found in bluez, a package with Bluetooth tools and daemons. One issue is about a man-in-the-middle attack during secure pairing; the other is about information disclosure due to improper access control.

In order to completely fix both issues, you need an updated kernel as well!



For Debian 8 jessie, these problems have been fixed in version 5.43-2+deb9u2~deb8u3.

We recommend that you upgrade your bluez packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.