Lucene search
Gentoo FoundationGLSA-202401-03HistoryJan 05, 2024 - 12:00 a.m.
BlueZ: Privilege Escalation
2024-01-0500:00:00
Gentoo Foundation
security.gentoo.org
11
bluez
privilege escalation
unauthenticated keystrokes
bluetooth
denial of service
upgrade
Background
BlueZ is the canonical bluetooth tools and system daemons package for Linux.
Description
Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.
Impact
An attacker may inject unauthenticated keystrokes via Bluetooth, leading to privilege escalation or denial of service.
Workaround
There is no known workaround at this time.
Resolution
All BlueZ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-wireless/bluez | < 5.70-r1 | UNKNOWN |
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0353)
2023-12-21 00:00:00
Slackware: Security Advisory (SSA:2023-348-01)
2023-12-15 00:00:00
Fedora: Security Advisory for bluez (FEDORA-2023-6a3fe615d3)
2023-12-10 00:00:00
mageia
mageia
Updated bluez packages fix a security vulnerability
2023-12-20 20:21:01
fedora
fedora
[SECURITY] Fedora 38 Update: bluez-5.70-5.fc38
2023-12-11 01:28:56
[SECURITY] Fedora 39 Update: bluez-5.70-5.fc39
2023-12-09 02:44:17
cbl_mariner
cbl_mariner
CVE-2023-45866 affecting package bluez for versions less than 5.63-5
2024-01-14 22:46:30
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : BlueZ vulnerability (USN-6540-1)
2023-12-07 00:00:00
Amazon Linux 2023 : bluez, bluez-cups, bluez-deprecated (ALAS2023-2024-473)
2024-01-08 00:00:00
Amazon Linux 2 : bluez (ALAS-2024-2386)
2024-01-09 00:00:00
osv
osv
Keystroke-injection into Pixel 4a (5G) over unauthenticated Bluetooth(All Pixel devices are impacted)
2023-12-01 00:00:00
bluez - security update
2023-12-14 00:00:00
bluez vulnerability
2023-12-07 04:07:20
debian
debian
[SECURITY] [DLA 3689-1] bluez security update
2023-12-15 09:47:35
[SECURITY] [DSA 5584-1] bluez security update
2023-12-21 19:46:41
redos
redos
ROS-20240408-06
2024-04-08 00:00:00
slackware
slackware
[slackware-security] bluez
2023-12-14 20:13:02
veracode
veracode
Improper Authentication
2023-12-15 14:07:26
redhatcve
redhatcve
CVE-2023-45866
2023-12-07 12:35:49
ubuntu
ubuntu
BlueZ vulnerability
2023-12-07 00:00:00
amazon
amazon
Important: bluez
2024-01-03 21:04:00
githubexploit
githubexploit
Exploit for Improper Authentication in Google Android
2024-01-15 07:58:28
prion
prion
Code injection
2023-12-08 06:15:00
cvelist
cvelist
CVE-2023-45866
2023-12-08 00:00:00
cve
cve
CVE-2023-45866
2023-12-08 06:15:45
debiancve
debiancve
CVE-2023-45866
2023-12-08 06:15:45
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0207
2024-02-14 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0708
2024-01-05 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0542
2024-01-08 00:00:00
ubuntucve
ubuntucve
CVE-2023-45866
2023-12-06 00:00:00
thn
thn
apple
apple
About the security content of iOS 17.2 and iPadOS 17.2
2023-12-11 00:00:00
About the security content of macOS Sonoma 14.2
2023-12-11 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00