Attention, fellow Linux users,

Today, I’m here to alert you of a recent zero-click Bluetooth flaw that enables attackers to secretly pair with devices such as keyboards and inject keystrokes without user interaction or knowledge. This stealthy bug exposes a potential attack vector that could compromise a wide range of devices.

The implications of this vulnerability are far-reaching and significant, given the prevalence of Bluetooth technologies worldwide. The article I link to here contains the technical details you may want to know about this bug. 

Read on to learn how to mitigate this flaw and find out about other impactful vulnerabilities recently found and fixed in your open-source programs and applications. 

Are your friends and fellow admins aware of this risk? Share this newsletter with them just to be sure! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, knowledgeable community members who share our enthusiasm for Linux and security!

Stay safe out there,

Brittany Signature 150 Esm W150

BlueZ

The Discovery 

A zero-click Bluetooth flaw has been discovered that enables attackers to secretly pair with devices such as keyboards and inject keystrokes without user interaction or knowledge (CVE-2023-45866). 

Bluez Esm W180

The Impact

The implications of this vulnerability are far-reaching and significant. Bluetooth technologies are prevalent worldwide, highlighting the widespread nature of this vulnerability. This flaw exposes a potential attack vector that could compromise a wide range of devices. 

The Fix

An essential BlueZ security update has been released to mitigate this impactful Bluetooth bug. Given this vulnerability’s threat to affected systems, if left unpatched, we urge all impacted users to update now. Doing so will protect against attacks potentially leading to the compromise of your critical Linux-powered devices.

Your Related Advisories:

[distro_list_1]

Thunderbird

The Discovery 

Have you updated to protect against the significant vulnerabilities recently found in the widely used Thunderbird email client? If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit these issues to cause a denial of service, obtain sensitive data, bypass security restrictions, perform cross-site tracing, or execute arbitrary code.

Thunderbird Esm W226

The Impact

Exploitation of these flaws could result in the theft of sensitive information or loss of system availability.

The Fix

An essential update for Thunderbird has been released to fix these impactful bugs. Given these vulnerabilities’ severe threat to affected systems, if left unpatched, we urge all impacted users to update promptly to secure their critical data and protect against loss of system access.

Your Related Advisories:

[distro_list_2]

OpenSSH

The Discovery 

Distros continue to release updates addressing the infamous OoenSSH “Terrapin vulnerability,” which allows a man-in-the-middle (MITM) attacker to access impacted users’ sensitive information in transit, as well as other severe OpenSSH vulnerabilities that were recently discovered. 

OpenSSH Esm W190

The Impact

These issues could result in privilege escalation attacks, enabling malicious hackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users. Exploitation of these flaws could also lead to unauthorized access or misuse of keys.

The Fix

Critical OpenSSH updates have been released to mitigate these dangerous bugs. Given these vulnerabilities’ severe threat to affected systems, if left unpatched, we strongly recommend that all impacted users update immediately to prevent privilege escalation on their systems and protect their sensitive data.

Your Related Advisories:

[distro_list_3]