| Summary: | bluez new security issue CVE-2017-1000250 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | lewyssmith, marja11, shlomif, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO MGA5-64-OK MGA6-64-OK | ||
| Source RPM: | bluez-5.45-2.mga6.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2017-09-12 19:22:33 CEST
Red Hat has issued an advisory and additional information for the kernel:
https://access.redhat.com/errata/RHSA-2017:2681
https://access.redhat.com/security/vulnerabilities/blueborne

Nobody has issued an advisory for bluez yet, but Fedora has checked a patch into SVN:
http://pkgs.fedoraproject.org/cgit/rpms/bluez.git/commit/?id=268965a3ff29e5a92a60d2dcf398d9b20a551240

CC: (none) => tmb

Red Hat has issued an advisory for bluez:
https://access.redhat.com/errata/RHSA-2017:2685

So has Ubuntu:
https://usn.ubuntu.com/usn/usn-3413-1/

kernel fixes are coming in upstream stable trees currently being validated... for mga5: 4.4.88, mga6: 4.9.50, cauldron: 4.12.13

So I'll release them all tomorrow for QA

(In reply to Thomas Backlund from comment #4)
> kernel fixes are coming in upstream stable trees currently being
> validated... for mga5: 4.4.88, mga6: 4.9.50, cauldron: 4.12.13
>
> So I'll release them all tomorrow for QA

So the issue only remains for bluez. Assigning to the registered bluez maintainer.

Assignee: bugsquad => shlomif

Full details of these issues:
http://openwall.com/lists/oss-security/2017/09/13/4

Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was accidentally submitted to tainted/updates_testing.

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO

Fedora has issued an advisory for this on September 13:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AWVMZIXGZ564SXHHRWGEALD7LRSJGI5Q/

(In reply to Shlomi Fish from comment #7)
> Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was
> accidentally submitted to tainted/updates_testing.

Then you must re-submit to core/updates_testing.

(In reply to Thomas Backlund from comment #9)
> (In reply to Shlomi Fish from comment #7)
> > Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was
> > accidentally submitted to tainted/updates_testing.
>
>
> Then you must re-submit to core/updates_testing.

done - thanks!

Thanks Shlomi!

Advisory:
========================

Updated bluez packages fix security vulnerability:

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys (CVE-2017-1000250).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
https://access.redhat.com/security/vulnerabilities/blueborne
https://access.redhat.com/errata/RHSA-2017:2685
========================

Updated packages in core/updates_testing:
========================
bluez-5.28-1.1.mga5
bluez-cups-5.28-1.1.mga5
bluez-hid2hci-5.28-1.1.mga5
libbluez3-5.28-1.1.mga5
libbluez-devel-5.28-1.1.mga5
bluez-5.45-2.1.mga6
bluez-cups-5.45-2.1.mga6
bluez-hid2hci-5.45-2.1.mga6
libbluez3-5.45-2.1.mga6
libbluez-devel-5.45-2.1.mga6

from SRPMS:
bluez-5.28-1.1.mga5.src.rpm
bluez-5.45-2.1.mga6.src.rpm

CC: (none) => shlomif

mga5 x86_64

Installed the updates from Updates Testing.
Ran blueman-assistant to discover the USB bluetooth adapter and paired a Bose Mini Soundlink then configured sound via pavucontrol. Played "Let The Bright Seraphim" using mplayer.
$ bluetoothctl
[NEW] Controller <MAC address> vega [default]
[NEW] Device 00:0C:8A:9D:21:C3 Bose Mini SoundLink
[bluetooth]# version
Version 5.28
[bluetooth]# info 00:0C:8A:9D:21:C3
Device 00:0C:8A:9D:21:C3
Name: Bose Mini SoundLink
Alias: Bose Mini SoundLink
Class: 0x240428
Icon: audio-card
Paired: yes
Trusted: yes
Blocked: no
Connected: yes
LegacyPairing: no
UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Advanced Audio Distribu.. (0000110d-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
Good enough.

CC: (none) => tarazed25

Len Lawrence
2017-09-14 20:21:57 CEST
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK

mga6 x86_64

rfkill is useful for checking the status of wireless devices.
$ rfkill list
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
1: hci0: Bluetooth
Soft blocked: no
Hard blocked: no

Installed the bluetooth packages from Updates Testing.
Ran bluetoothctl in a terminal to check what was happening under the hood.
Invoked blueman-assistant to search for devices in range of the BT USB adapter. It found the HP Officejet 100 printer and the Samsung TV in the other room, the Mini Soundlink and the Damson Cisor.
Paired with the Mini Soundlink and played an organ concerto. Switched off the Mini Soundlink and paired with the Damson Cisor and played more music.
Had a go at connecting the printer; it paired OK with the passcode of 000000, but no contact. At least it was detected and the identification string returned. More experimentation needed.
The basics are there so it gets an OK.

Len Lawrence
2017-09-14 23:07:20 CEST
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK

mga6 x86_64
A little more digging behind the scenes.
The hci utilities are installed and l2ping but I am unsure of bluetoothd. It does not seem to run as a service. Just checked services and found bluetooth running:
$ systemctl status bluetooth
● bluetooth.service - Bluetooth service
Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor pr
Active: active (running) since Thu 2017-09-14 21:05:11 BST; 1h 19min ago
Docs: man:bluetoothd(8)
Main PID: 21079 (bluetoothd)
Status: "Running"
CGroup: /system.slice/bluetooth.service
└─21079 /usr/libexec/bluetooth/bluetoothd
$ urpmq --whatrequires bluez | sort -u
anyremote
bluedevil
blueman
bluez
connman
ganyremote
gnome-bluetooth
gnome-user-share
lib64qt5bluetooth5
libqt5bluetooth5
networkmanager-bluetooth
perl-Net-Bluetooth
If you are using Plasma, bluedevil is the native manager. Run bluedevil-wizard from the command line. Invoking bluedevil from the menu places a bt icon in the panel IIRC. That gives you access to management functions.

Thanks Len for both release tests, 64-bit. Warrants pushing. Advisoried.

Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0350.html

Status: NEW => RESOLVED

(In reply to Shlomi Fish from comment #7)
> Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was
> accidentally submitted to tainted/updates_testing.

@sysadmins: could this package be removed from tainted/updates_testing, please? It has been there for more than a year.
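
Added example (not part of the bug report or of Mageia's tooling): a check that installed bluez packages are at or above the fixed builds listed in the advisory above. The comparison is a simplified version of rpm's ordering that assumes no epoch, `~` or `^`, and the sample input is constructed.

```python
import re

# Fixed builds from the advisory's package list, keyed by distro tag.
FIXED = {"mga5": "5.28-1.1.mga5", "mga6": "5.45-2.1.mga6"}
PACKAGES = {"bluez", "bluez-cups", "bluez-hid2hci", "libbluez3", "libbluez-devel"}

def _cmp_part(a, b):
    """Compare one version or release string segment by segment."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def cmp_vr(a, b):
    """Return -1, 0 or 1 for version-release a versus b (simplified)."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(lines):
    """Map each bluez package in 'NAME VERSION-RELEASE' lines to a verdict."""
    verdicts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 2 or fields[0] not in PACKAGES:
            continue
        name, vr = fields
        fixed = FIXED.get(vr.rsplit(".", 1)[-1])  # distro tag, e.g. "mga6"
        if fixed is None:
            verdicts[name] = "unknown release"
        else:
            verdicts[name] = "fixed" if cmp_vr(vr, fixed) >= 0 else "needs update"
    return verdicts

# Constructed sample, in the format printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
bluez 5.45-2.mga6
libbluez3 5.45-2.1.mga6
bluez-cups 5.28-1.mga5
blueman 2.0.4-5.mga6
"""

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE.splitlines()).items():
        print(f"{pkg}: {verdict}")
```

The release `2.mga6` sorts below `2.1.mga6` because the numeric segment `1` outranks the alphabetic `mga`, which is why the sub-release bump in the update is enough to supersede the vulnerable build.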