{"id":"USN-4989-2","summary":"bluez vulnerabilities","details":"USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides\nthe corresponding update for Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that BlueZ incorrectly checked certain permissions when\n pairing. A local attacker could possibly use this issue to impersonate\n devices. (CVE-2020-26558)\n\n Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT\n events. A local attacker could use this issue to cause BlueZ to crash,\n resulting in a denial of service, or possibly execute arbitrary code. This\n issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)\n","modified":"2026-04-27T16:03:38.631725556Z","published":"2021-06-16T14:17:40Z","related":["UBUNTU-CVE-2020-26558","UBUNTU-CVE-2020-27153"],"upstream":["CVE-2020-26558","CVE-2020-27153","UBUNTU-CVE-2020-26558","UBUNTU-CVE-2020-27153"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4989-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26558"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27153"}],"affected":[{"package":{"name":"bluez","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/bluez@5.37-0ubuntu5.3+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.37-0ubuntu5.3+esm1"}]}],"versions":["5.35-0ubuntu2","5.36-0ubuntu1","5.37-0ubuntu5","5.37-0ubuntu5.1","5.37-0ubuntu5.3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluetooth"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluez"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluez-cups"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluez-hcidump"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluez-obexd"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"bluez-tests"},{"binary_version":"5.37-0ubuntu5.3+esm1","binary_name":"libbluetooth3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2020-26558","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-27153","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"type":"Ubuntu","score":"low"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4989-2.json"}}],"schema_version":"1.7.5"}