安全公告详情

NS-SA-2025-0149

2025-07-25 16:49:52

简介

moderate: bluez security update

严重级别

moderate

主题

An update for bluez is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

bluez:


Security Fix(es):
bluez: A flaw was found in the HID Profile in BlueZ that opens doors for unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk for attackers that are physically close to inject keystrokes and execute arbitrary commands when the device is in a discoverable state.(CVE-2023-45866)
bluez: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.

影响组件

  • bluez

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["bluez-libs-5.71-1.zncgsl7.3.x86_64.rpm","bluez-5.71-1.zncgsl7.3.x86_64.rpm","bluez-obexd-5.71-1.zncgsl7.3.x86_64.rpm"],"source":"bluez-5.71-1.zncgsl7.3.src.rpm"}]}]}

CVE

参考