ALAS-2024-2386

Amazon Linux 2 Security Advisory: ALAS-2024-2386
Advisory Release Date: 2024-01-03 21:04 Pacific
Advisory Updated Date: 2024-01-09 17:58 Pacific

Severity: Important

References: CVE-2023-45866
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)

Affected Packages:

bluez

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update bluez to update your system.

New Packages:

aarch64:
    bluez-5.44-7.amzn2.0.4.aarch64
    bluez-libs-5.44-7.amzn2.0.4.aarch64
    bluez-libs-devel-5.44-7.amzn2.0.4.aarch64
    bluez-cups-5.44-7.amzn2.0.4.aarch64
    bluez-hid2hci-5.44-7.amzn2.0.4.aarch64
    bluez-debuginfo-5.44-7.amzn2.0.4.aarch64

i686:
    bluez-5.44-7.amzn2.0.4.i686
    bluez-libs-5.44-7.amzn2.0.4.i686
    bluez-libs-devel-5.44-7.amzn2.0.4.i686
    bluez-cups-5.44-7.amzn2.0.4.i686
    bluez-hid2hci-5.44-7.amzn2.0.4.i686
    bluez-debuginfo-5.44-7.amzn2.0.4.i686

src:
    bluez-5.44-7.amzn2.0.4.src

x86_64:
    bluez-5.44-7.amzn2.0.4.x86_64
    bluez-libs-5.44-7.amzn2.0.4.x86_64
    bluez-libs-devel-5.44-7.amzn2.0.4.x86_64
    bluez-cups-5.44-7.amzn2.0.4.x86_64
    bluez-hid2hci-5.44-7.amzn2.0.4.x86_64
    bluez-debuginfo-5.44-7.amzn2.0.4.x86_64

Additional References

Red Hat: CVE-2023-45866

Mitre: CVE-2023-45866

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-2386

Additional References