bluez: fix CVE-2020-0556 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Anuj Mittal <anuj.mittal@intel.com>	2020-03-13 09:09:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-03-19 09:57:51 +0000
commit	f9ef210967ab34168d4a24930987dc0731baf56f (patch)
tree	e3e3c2293b4bc777990827ccd37890fbc6c0f4a2 /meta/recipes-support/icu/icu_64.2.bb
parent	9542f3282e9b25aaa97c24715a35c47923a07ecb (diff)
download	poky-f9ef210967ab34168d4a24930987dc0731baf56f.tar.gz

bluez: fix CVE-2020-0556

It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. (From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5) (From OE-Core rev: c940e4b858d6be28b198770768117ecc098fa0d3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bed169a07b04a7dc003958fa309e6ff761f85a72) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-support/icu/icu_64.2.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: