doc: releases: Add CVE-2019-9506 to release notes
Add section about security vulnerability issues in the 2.0.0 release notes. Signed-off-by: David Brown <david.brown@linaro.org>
This commit is contained in:
David Brown
Ioannis Glaropoulos
parent
ee57741c8c
commit
f14e024c39
1 changed files with 13 additions and 0 deletions
|
|
@ -23,6 +23,19 @@ Major enhancements with this release include:
|
|||
|
||||
The following sections provide detailed lists of changes by component.
|
||||
|
||||
Security Vulnerability Related
|
||||
******************************
|
||||
|
||||
The following security vulnerability (CVE) was addressed in this
|
||||
release:
|
||||
|
||||
* Fixes CVE-2019-9506: The Bluetooth BR/EDR specification up to and
|
||||
including version 5.1 permits sufficiently low encryption key length
|
||||
and does not prevent an attacker from influencing the key length
|
||||
negotiation. This allows practical brute-force attacks (aka "KNOB")
|
||||
that can decrypt traffic and inject arbitrary ciphertext without the
|
||||
victim noticing.
|
||||
|
||||
Kernel
|
||||
******
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue