CVE-2023-45866
This commit is contained in:
Peter Robinson
parent
49a9945153
commit
74b13d9f79
51
CVE-2023-45866.patch
Normal file
51
CVE-2023-45866.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
|
||||
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Tue, 10 Oct 2023 13:03:12 -0700
|
||||
Subject: input.conf: Change default of ClassicBondedOnly
|
||||
|
||||
This changes the default of ClassicBondedOnly since defaulting to false
|
||||
is not inline with HID specification which mandates the of Security Mode
|
||||
4:
|
||||
|
||||
BLUETOOTH SPECIFICATION Page 84 of 123
|
||||
Human Interface Device (HID) Profile:
|
||||
|
||||
5.4.3.4.2 Security Modes
|
||||
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
|
||||
Bluetooth HID devices that are compliant to the Bluetooth Core
|
||||
Specification v2.1+EDR[6].
|
||||
---
|
||||
profiles/input/device.c | 2 +-
|
||||
profiles/input/input.conf | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
(limited to 'profiles/input')
|
||||
|
||||
diff --git a/profiles/input/device.c b/profiles/input/device.c
|
||||
index 4a50ea9921..4310dd192e 100644
|
||||
--- a/profiles/input/device.c
|
||||
+++ b/profiles/input/device.c
|
||||
@@ -81,7 +81,7 @@ struct input_device {
|
||||
|
||||
static int idle_timeout = 0;
|
||||
static bool uhid_enabled = false;
|
||||
-static bool classic_bonded_only = false;
|
||||
+static bool classic_bonded_only = true;
|
||||
|
||||
void input_set_idle_timeout(int timeout)
|
||||
{
|
||||
diff --git a/profiles/input/input.conf b/profiles/input/input.conf
|
||||
index 4c70bc561f..d8645f3dd6 100644
|
||||
--- a/profiles/input/input.conf
|
||||
+++ b/profiles/input/input.conf
|
||||
@@ -17,7 +17,7 @@
|
||||
# platforms may want to make sure that input connections only come from bonded
|
||||
# device connections. Several older mice have been known for not supporting
|
||||
# pairing/encryption.
|
||||
-# Defaults to false to maximize device compatibility.
|
||||
+# Defaults to true for security.
|
||||
#ClassicBondedOnly=true
|
||||
|
||||
# LE upgrade security
|
||||
--
|
||||
cgit 1.2.3-korg
|
||||
@ -6,7 +6,7 @@
|
||||
|
||||
Name: bluez
|
||||
Version: 5.70
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: Bluetooth utilities
|
||||
License: GPLv2+
|
||||
URL: http://www.bluez.org/
|
||||
@ -21,6 +21,7 @@ Source1: bluez.gitignore
|
||||
Patch2: power-state-adapter-property.patch
|
||||
# Upstream backport
|
||||
Patch3: rhbz2247548.patch
|
||||
Patch4: CVE-2023-45866.patch
|
||||
|
||||
BuildRequires: dbus-devel >= 1.6
|
||||
BuildRequires: glib2-devel
|
||||
@ -331,6 +332,9 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_userunitdir}/obex.service
|
||||
|
||||
%changelog
|
||||
* Thu Dec 07 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 5.70-4
|
||||
- Add mitigation for CVE-2023-45866
|
||||
|
||||
* Sun Nov 19 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 5.70-3
|
||||
- Fix some input devices disconnecting right after connecting
|
||||
- Explicitly enable Bluetooth BAP/BASS/CSIP/MCP/MICP/VCP profiles
|
||||
|
||||
Loading…
Reference in New Issue
Block a user