26 lines
962 B
ReStructuredText
26 lines
962 B
ReStructuredText
.. _vulnerabilities:
|
|
|
|
Vulnerabilities
|
|
###############
|
|
|
|
This page collects all of the vulnerabilities that are discovered and
|
|
fixed in each release. It will also often have more details than is
|
|
available in the releases. Some vulnerabilities are deemed to be
|
|
sensitive, and will not be publically discussed until there is
|
|
sufficient time to fix them. Because the release notes are locked to
|
|
a version, the information here can be updated after the embargo is
|
|
lifted.
|
|
|
|
Release 1.14.0 and 2.0.0
|
|
------------------------
|
|
|
|
The following security vulnerability (CVE) was addressed in this
|
|
release:
|
|
|
|
* Fixes CVE-2019-9506: The Bluetooth BR/EDR specification up to and
|
|
including version 5.1 permits sufficiently low encryption key length
|
|
and does not prevent an attacker from influencing the key length
|
|
negotiation. This allows practical brute-force attacks (aka "KNOB")
|
|
that can decrypt traffic and inject arbitrary ciphertext without the
|
|
victim noticing.
|