Security update for bluez SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20804-1 Final 1 1 2025-10-01T13:47:55Z current 2025-10-01T13:47:55Z 2025-10-01T13:47:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for bluez This update for bluez fixes the following issues: - CVE-2023-45866: Fixed unauthorized HID device connections allowing keystroke injection and arbitrary commands execution (bsc#1217877) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-293 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520804-1/ Link for SUSE-SU-2025:20804-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042137.html E-Mail link for SUSE-SU-2025:20804-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1217877 SUSE Bug 1217877 https://www.suse.com/security/cve/CVE-2023-45866/ SUSE CVE CVE-2023-45866 page SUSE Linux Micro 6.1 libbluetooth3-5.70-slfo.1.1_2.1 libbluetooth3-5.70-slfo.1.1_2.1 as a component of SUSE Linux Micro 6.1 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. CVE-2023-45866 SUSE Linux Micro 6.1:libbluetooth3-5.70-slfo.1.1_2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520804-1/ https://www.suse.com/security/cve/CVE-2023-45866.html CVE-2023-45866 https://bugzilla.suse.com/1217877 SUSE Bug 1217877