Fedora Linux 8552 Published by

A Bluez security update has been released for Fedora 38:

Fedora 38 Update: bluez-5.70-5.fc38



Fedora 38 Update: bluez-5.70-5.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-26a02512e1
2023-12-11 01:28:19.912526
--------------------------------------------------------------------------------

Name : bluez
Product : Fedora 38
Version : 5.70
Release : 5.fc38
URL : http://www.bluez.org/
Summary : Bluetooth utilities
Description :
Utilities for use in Bluetooth applications:
- avinfo
- bluemoon
- bluetoothctl
- bluetoothd
- btattach
- btmon
- hex2hcd
- l2ping
- l2test
- mpris-proxy
- rctest

The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.

--------------------------------------------------------------------------------
Update Information:

* Install default input.conf/network.conf * Add mitigation for CVE-2023-45866
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 7 2023 Peter Robinson [pbrobinson@fedoraproject.org] - 5.70-5
- Install default input.conf/network.conf
* Thu Dec 7 2023 Peter Robinson [pbrobinson@fedoraproject.org] - 5.70-4
- Add mitigation for CVE-2023-45866
* Sun Nov 19 2023 Peter Robinson [pbrobinson@fedoraproject.org] - 5.70-3
- Fix some input devices disconnecting right after connecting
- Explicitly enable Bluetooth BAP/BASS/CSIP/MCP/MICP/VCP profiles
* Mon Oct 2 2023 Sandro Bonazzola [sbonazzo@redhat.com] - 5.70-2
- Fix access modes for /etc/bluetooth and /var/lib/bluetooth as expected
by bluetooth.service.
- Resolves: fedora#2144504
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2247548 - Unable to connect Dualshock4 v2 via Bluetooth (immediately disconnects after pairing)
https://bugzilla.redhat.com/show_bug.cgi?id=2247548
[ 2 ] Bug #2253392 - TRIAGE CVE-2023-45866 bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2253392
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-26a02512e1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--