ELSA-2024-11154

Опубликовано: 17 дек. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-11154: bluez security update (MODERATE)

[5.63-3]

bluez-5.63-3

Add back the tests for OSCI.

[5.63-2]

bluez-5.63-2

Change default of ClassicBondedOnly to true to align with HID specification.
Resolves: RHEL-18429
Fixing CVE-2021-41229

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bluez

5.63-3.el8_10

bluez-cups

5.63-3.el8_10

bluez-hid2hci

5.63-3.el8_10

bluez-libs

5.63-3.el8_10

bluez-libs-devel

5.63-3.el8_10

bluez-obexd

5.63-3.el8_10

Oracle Linux x86_64

bluez

5.63-3.el8_10

bluez-cups

5.63-3.el8_10

bluez-hid2hci

5.63-3.el8_10

bluez-libs

5.63-3.el8_10

bluez-libs-devel

5.63-3.el8_10

bluez-obexd

5.63-3.el8_10

Связанные CVE

CVE-2023-45866

Ссылки на источники

Связанные уязвимости

CVE-2023-45866

CVSS3: 6.3

ubuntu

больше 1 года назад

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.