Описание
Security update for bluez
This update for bluez fixes the following issues:
- CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877).
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
bluez-5.13-5.45.1
bluez-devel-5.13-5.45.1
libbluetooth3-5.13-5.45.1
Ссылки
- Link for SUSE-SU-2025:03590-1
- E-Mail link for SUSE-SU-2025:03590-1
- SUSE Security Ratings
- SUSE Bug 1217877
- SUSE CVE CVE-2023-45866 page
Описание
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bluez-5.13-5.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:bluez-devel-5.13-5.45.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libbluetooth3-5.13-5.45.1
Ссылки
- CVE-2023-45866
- SUSE Bug 1217877