An update for bluez is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1948
Final 1.0 1.0 2023-12-22 Initial 2023-12-22 2023-12-22
openEuler SA Tool V1.0 2023-12-22

bluez security update

This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.

Security Fix(es):

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. (CVE-2023-45866)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: High
Affected component: bluez

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1948
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45866
https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2

aarch64:
bluez-5.54-13.oe1.aarch64.rpm bluez-devel-5.54-13.oe1.aarch64.rpm bluez-cups-5.54-13.oe1.aarch64.rpm bluez-debugsource-5.54-13.oe1.aarch64.rpm bluez-libs-5.54-13.oe1.aarch64.rpm bluez-debuginfo-5.54-13.oe1.aarch64.rpm
bluez-debugsource-5.54-13.oe1.aarch64.rpm bluez-devel-5.54-13.oe1.aarch64.rpm bluez-libs-5.54-13.oe1.aarch64.rpm bluez-5.54-13.oe1.aarch64.rpm bluez-cups-5.54-13.oe1.aarch64.rpm bluez-debuginfo-5.54-13.oe1.aarch64.rpm
bluez-libs-5.54-13.oe2003sp4.aarch64.rpm bluez-debuginfo-5.54-13.oe2003sp4.aarch64.rpm bluez-cups-5.54-13.oe2003sp4.aarch64.rpm bluez-5.54-13.oe2003sp4.aarch64.rpm bluez-devel-5.54-13.oe2003sp4.aarch64.rpm bluez-debugsource-5.54-13.oe2003sp4.aarch64.rpm
bluez-5.54-18.oe2203.aarch64.rpm bluez-devel-5.54-18.oe2203.aarch64.rpm bluez-cups-5.54-18.oe2203.aarch64.rpm bluez-debuginfo-5.54-18.oe2203.aarch64.rpm bluez-debugsource-5.54-18.oe2203.aarch64.rpm bluez-libs-5.54-18.oe2203.aarch64.rpm
bluez-debuginfo-5.54-18.oe2203sp1.aarch64.rpm bluez-devel-5.54-18.oe2203sp1.aarch64.rpm bluez-libs-5.54-18.oe2203sp1.aarch64.rpm bluez-5.54-18.oe2203sp1.aarch64.rpm bluez-cups-5.54-18.oe2203sp1.aarch64.rpm bluez-debugsource-5.54-18.oe2203sp1.aarch64.rpm
bluez-devel-5.54-18.oe2203sp2.aarch64.rpm bluez-debugsource-5.54-18.oe2203sp2.aarch64.rpm bluez-debuginfo-5.54-18.oe2203sp2.aarch64.rpm bluez-cups-5.54-18.oe2203sp2.aarch64.rpm bluez-libs-5.54-18.oe2203sp2.aarch64.rpm bluez-5.54-18.oe2203sp2.aarch64.rpm

noarch:
bluez-help-5.54-13.oe1.noarch.rpm
bluez-help-5.54-13.oe1.noarch.rpm
bluez-help-5.54-13.oe2003sp4.noarch.rpm
bluez-help-5.54-18.oe2203.noarch.rpm
bluez-help-5.54-18.oe2203sp1.noarch.rpm
bluez-help-5.54-18.oe2203sp2.noarch.rpm

src:
bluez-5.54-13.oe1.src.rpm
bluez-5.54-13.oe1.src.rpm
bluez-5.54-13.oe2003sp4.src.rpm
bluez-5.54-18.oe2203.src.rpm
bluez-5.54-18.oe2203sp1.src.rpm
bluez-5.54-18.oe2203sp2.src.rpm

x86_64:
bluez-libs-5.54-13.oe1.x86_64.rpm bluez-devel-5.54-13.oe1.x86_64.rpm bluez-cups-5.54-13.oe1.x86_64.rpm bluez-debugsource-5.54-13.oe1.x86_64.rpm bluez-debuginfo-5.54-13.oe1.x86_64.rpm bluez-5.54-13.oe1.x86_64.rpm
bluez-cups-5.54-13.oe1.x86_64.rpm bluez-debuginfo-5.54-13.oe1.x86_64.rpm bluez-debugsource-5.54-13.oe1.x86_64.rpm bluez-libs-5.54-13.oe1.x86_64.rpm bluez-5.54-13.oe1.x86_64.rpm bluez-devel-5.54-13.oe1.x86_64.rpm
bluez-debugsource-5.54-13.oe2003sp4.x86_64.rpm bluez-devel-5.54-13.oe2003sp4.x86_64.rpm bluez-debuginfo-5.54-13.oe2003sp4.x86_64.rpm bluez-libs-5.54-13.oe2003sp4.x86_64.rpm bluez-cups-5.54-13.oe2003sp4.x86_64.rpm bluez-5.54-13.oe2003sp4.x86_64.rpm
bluez-debuginfo-5.54-18.oe2203.x86_64.rpm bluez-devel-5.54-18.oe2203.x86_64.rpm bluez-libs-5.54-18.oe2203.x86_64.rpm bluez-5.54-18.oe2203.x86_64.rpm bluez-cups-5.54-18.oe2203.x86_64.rpm bluez-debugsource-5.54-18.oe2203.x86_64.rpm
bluez-devel-5.54-18.oe2203sp1.x86_64.rpm bluez-5.54-18.oe2203sp1.x86_64.rpm bluez-debugsource-5.54-18.oe2203sp1.x86_64.rpm bluez-libs-5.54-18.oe2203sp1.x86_64.rpm bluez-cups-5.54-18.oe2203sp1.x86_64.rpm bluez-debuginfo-5.54-18.oe2203sp1.x86_64.rpm
bluez-5.54-18.oe2203sp2.x86_64.rpm bluez-libs-5.54-18.oe2203sp2.x86_64.rpm bluez-devel-5.54-18.oe2203sp2.x86_64.rpm bluez-debuginfo-5.54-18.oe2203sp2.x86_64.rpm bluez-cups-5.54-18.oe2203sp2.x86_64.rpm bluez-debugsource-5.54-18.oe2203sp2.x86_64.rpm

CVE-2023-45866 (2023-12-22)

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Affected products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2

Severity: High
CVSS base score: 8.8
CVSS vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

bluez security update 2023-12-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1948