Red Hat Security Advisory 2017-2685-01 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files. Security Fix: An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
4ad0396446edfa9b38da0c8e754bcf1e12663a24e02c45b05a3464921a4c8f61
Ubuntu Security Notice 3413-1 - It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information.
2b247b3301912be8404e2924d6964a468cdcb4bc1a40ca02f149d814157a9a75