-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3689-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb December 14, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : bluez Version : 5.50-1.2~deb10u4 CVE ID : CVE-2023-45866 Debian Bug : 1057914 It was discovered that there was a keyboard injection attack in Bluez, a set of services and tools for interacting with wireless Bluetooth devices. Prior to this change, BlueZ may have permitted an unauthenticated peripherals to establish encrypted connections and thereby accept keyboard reports, potentially permitting injection of HID (~keyboard) commands, despite no user authorising such access. For Debian 10 buster, this problem has been fixed in version 5.50-1.2~deb10u4. We recommend that you upgrade your bluez packages. For the detailed security status of bluez please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bluez Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmV7N1gACgkQHpU+J9Qx HlgxNQ/+Jr1PTfKp6tKFfqbbS6bNJxzqOfXOmGoioCyV9D992dFMo6VPiOzvnSIa MV9bXmOSwLGUw6STCGwWUHcQvWuXhfSS3NRLC8IjrLQJSe5L8D75mloNbY/E8ibD C9/oKdcWHeXB2oY+yEZCpsTlhF8l86AVSHtrU/IU8yzdNRHSfBGVEVX2UREtwY8Q 2Gx9CfB8pzdVgNVUTuoDsov0+beo90/3xO4CHBaB4lr7aOFej7T0B4iqyyhTXjr7 mIEUhtMhGMJP5DPwbtcixN5LUJht4BpnnTltvGkUVKT+J7UNV0DvzkvJRL7dpNRk q1cq9yK5dyVnMN+TF9J2WC8uvu0uVDqUZAX0CJxYkBdjTl8Ebw/B9pIqIU6Tqmtm FhtneRsIXTzeYqPNfHpFOmDQS83d37qCFBhRg32DDNbKv3aY8aIEBNP0jVz9ySTs x6HjIjKE3LkuGek37Bv3Tb93SqV+9kIsqa2vNxaBTBObo4raj6RRqWqNUG6Zaw36 RwQim8/xbvndjnpwPGWeX0aXX4uS4iorNBrjhaHl0vZPYf+/UOxqRQxzVTLf7nkr e0+EkQh0fva2bNuchrmW39vNqU67gdPImGIPeWjByfIiiOuNs6Hx95gM+8O55xpb 2elxNWo3mVyypyhJan9Bh8maucA4YtgLIzkgQTTMOAQw/yMy1lM= =SKeh -----END PGP SIGNATURE-----