Univention Bugzilla – Bug 56921
bluez: Multiple issues (5.0)
Last modified: 2023-12-20 17:04:34 CET
New Debian bluez 5.50-1.2~deb10u4 fixes:

This update addresses the following issue:

5.50-1.2~deb10u4 (Thu, 14 Dec 2023 14:28:50 +0000)
* Non-maintainer upload by the Debian LTS Team.
* CVE-2023-45866: Fix an issue where Bluetooth Human Interface Devices (HID) hosts in BlueZ may have permitted an unauthenticated peripheral to initiate and establish encrypted connections and accept keyboard reports, potentially permitting injection of HID messages despite no user actually authorising such access.
--- mirror/ftp/pool/main/b/bluez/bluez_5.50-1.2~deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/bluez_5.50-1.2~deb10u4.dsc @@ -1,3 +1,12 @@ +5.50-1.2~deb10u4 [Thu, 14 Dec 2023 14:28:50 +0000] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * CVE-2023-45866: Fix an issue where Bluetooth Human Interface Devices + (HID) hosts in BlueZ may have permitted an unauthenticated peripheral + to initiate and establish encrypted connections and accept keyboard + reports, potentially permitting injection of HID messages despite no + user actually authorising such access. (Closes: #1057914) + 5.50-1.2~deb10u3 [Sat, 22 Oct 2022 18:39:32 +0200] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-6/#8618483752137076497>
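Review bot: The added 5.50-1.2~deb10u4 changelog stanza describes CVE-2023-45866 only by its effect ("may have permitted an unauthenticated peripheral to initiate and establish encrypted connections") and does not name the patch or upstream commit that implements the fix, nor whether any default behaviour changes for HID peripherals already in use. Suggest adding that reference next to "(Closes: #1057914)" so the erratum can be audited against the actual code change. Separately, the file headers compare the two .dsc files while the hunk body is changelog text, so it is worth confirming the diff was generated from the intended files.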
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-6] 8948f61613 Bug #56921: bluez 5.50-1.2~deb10u4
 doc/errata/staging/bluez.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x899>