[USN-3856-1] GNOME Bluetooth vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

protocol=”application/pgp-signature”;
boundary=”9qap7Kbhrpf0AhH0ETINvO1MtaWvasl1i”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–9qap7Kbhrpf0AhH0ETINvO1MtaWvasl1i

protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3856-1] GNOME Bluetooth vulnerability

–vKOmI7vep0w69mYj5Br8XWGmJwhz8GANU

Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3856-1
January 14, 2019

gnome-bluetooth vulnerability
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

GNOME Bluetooth could allow unintended access to devices.

Software Description:
– gnome-bluetooth: GNOME Bluetooth tools

Details:

Chris Marchesi discovered that BlueZ incorrectly handled disabling
Bluetooth visibility. A remote attacker could possibly pair to devices,
contrary to expectations. This update adds a workaround to GNOME Bluetoot=
h
to fix the issue.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
gnome-bluetooth 3.28.0-2ubuntu0.1
libgnome-bluetooth13 3.28.0-2ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3856-1
CVE-2018-10910

Package Information:
https://launchpad.net/ubuntu/+source/gnome-bluetooth/3.28.0-2ubuntu0.1

–vKOmI7vep0w69mYj5Br8XWGmJwhz8GANU–

–9qap7Kbhrpf0AhH0ETINvO1MtaWvasl1i

Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlw8qwEACgkQZWnYVadE
vpMRaQ/+IpNInXleMVo7VZt5V3WFbH3hda96xMx012KRTXXJg6rfRqFr4RR7PPQr
/L0UTpC301bCr9aoITaB3Mf38ZV8LaGm3Ud4ZP+grDyAsF3ZSZhcBmHXwljBQlJ+
HVbzMHENrCGuUSMgW86UlTAZpb1KAgJOtrfFh5mDlXaUTU49GN6CP9UUzE7p8gPd
sBjwSHKWwNIYPaWOKX8vzgKfE8gMo3ISPUbU3lH1ckNCMZrRtbyixeYMiFEn8kV5
DEAqCAlI+spwwPtJeWSl67rbfsRM+olN6AToyDK/7ldnVp+vwIBilvX2NRqJZQRA
Fibi5LhW2pLiugBTozxZ+h7VUnHSrIEO1XBxQSd5463WHJCC4PZFRJ05PgAzIW/5
bhNL15KhhQ0koqtbJJAyoHloVZjvuG/pe6qqgXkPv8V51NttbR4ydQtiBDtr7XgZ
aYVgjKUAsEv5UbKmdagmZumF0xOoCtJRt58C9AigaJJ3KcwLrnCFrUKFnaxpMsgV
D4jVVlcP6QoKs3LALpyVMJGBMic4GRSu0dGUY6EKX3Za9qnL3XY/JurLfW9r2/7y
RcNjVDJdPCHQ1kdOcUqn6yiZjzF2pS6z033o4xhNrboDobuADzejcyX2ogQBKINp
m+uk9w24+jGkAblxf7PMpMt2QLNEEl7L7jZ33Ji4M/7np3mue6U=
=7rPq
—–END PGP SIGNATURE—–

–9qap7Kbhrpf0AhH0ETINvO1MtaWvasl1i–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK