• [gentoo-announce] [ GLSA 202401-03 ] BlueZ: Privilege Escalation

    From glsamaker@gentoo.org@21:1/5 to All on Fri Jan 5 13:20:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202401-03
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: BlueZ: Privilege Escalation
    Date: January 05, 2024
    Bugs: #919383
    ID: 202401-03

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in BlueZ, the worst of
    which can lead to privilege escalation.

    Background
    ==========

    BlueZ is the canonical Bluetooth tools and system daemons package for
    Linux.

    Affected packages
    =================

    Package             Vulnerable  Unaffected
    ------------------  ----------  ----------
    net-wireless/bluez  < 5.70-r1   >= 5.70-r1

    Description
    ===========

    Multiple vulnerabilities have been discovered in BlueZ. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    An attacker may inject unauthenticated keystrokes via Bluetooth, leading
    to privilege escalation or denial of service.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All BlueZ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1"

    References
    ==========

    [ 1 ] CVE-2023-45866
    https://nvd.nist.gov/vuln/detail/CVE-2023-45866

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202401-03

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
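An added example, not part of the GLSA or of Gentoo's tooling: a check that classifies installed net-wireless/bluez versions against the advisory's `< 5.70-r1` vulnerable range. It implements only the numeric-component and `-rN` revision part of Gentoo's version ordering (other suffixes are rejected), and the host names and versions in the inventory are constructed.

```python
import re

# Unaffected boundary from the "Affected packages" table of GLSA 202401-03.
FIXED = "5.70-r1"
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse(version):
    """Split '5.70-r1' into (['5', '70'], 1); a missing -rN means revision 0."""
    m = _VER.match(version)
    if not m:
        # Letter and _alpha/_beta/_pre/_rc/_p suffixes are out of scope here.
        raise ValueError(f"unsupported version syntax: {version!r}")
    return m.group(1).split("."), int(m.group(2) or 0)

def _cmp(a, b):
    return (a > b) - (a < b)

def vercmp(left, right):
    """Return -1, 0 or 1, following Gentoo's ordering for this subset."""
    lnum, lrev = parse(left)
    rnum, rrev = parse(right)
    # The first component is always compared as an integer.
    result = _cmp(int(lnum[0]), int(rnum[0]))
    for a, b in zip(lnum[1:], rnum[1:]):
        if result:
            break
        if a.startswith("0") or b.startswith("0"):
            # Leading zero: compare as strings after stripping trailing zeros.
            result = _cmp(a.rstrip("0"), b.rstrip("0"))
        else:
            result = _cmp(int(a), int(b))
    # Equal so far: more components wins, then the -rN revision decides.
    return result or _cmp(len(lnum), len(rnum)) or _cmp(lrev, rrev)

def is_vulnerable(installed):
    """True when installed net-wireless/bluez is below the fixed version."""
    return vercmp(installed, FIXED) < 0

if __name__ == "__main__":
    # Constructed sample inventory (host -> installed bluez version).
    inventory = {"laptop-a": "5.66", "laptop-b": "5.70", "kiosk-c": "5.70-r1",
                 "desk-d": "5.71"}
    for host, ver in inventory.items():
        print(host, ver, "VULNERABLE" if is_vulnerable(ver) else "ok")
```

Note that plain `5.70` counts as vulnerable: the fix shipped as revision `-r1` of the same upstream version.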