SB2025051423 - Anolis OS update for bluez

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2023-51580)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling AVRCP protocol within the avrcp_parse_attribute_list() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.

2) Out-of-bounds read (CVE-ID: CVE-2023-51589)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling AVRCP protocol within the parse_media_element() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.

3) Out-of-bounds read (CVE-ID: CVE-2023-51592)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling AVRCP protocol within the parse_media_folder() function. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.

4) Out-of-bounds read (CVE-ID: CVE-2023-51594)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling OBEX protocol parameter. A remote attacker can trick the victim into connecting to a malicious device, trigger an out-of-bounds read and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://anas.openanolis.cn/errata/detail/ANSA-2025:0232