Bluetooth security issues have been disclosed in the press today (September 12): http://www.eweek.com/security/bluetooth-blueborne-flaws-expose-billions-of-devices-to-security-risks bluez is affected (including Mageia 5 and Mageia 6), and the kernel is affected as well (CVE-2017-1000251).
RedHat has issued an advisory and additional information for the kernel: https://access.redhat.com/errata/RHSA-2017:2681 https://access.redhat.com/security/vulnerabilities/blueborne Nobody has issued an advisory for bluez yet, but Fedora has checked a patch into SVN: http://pkgs.fedoraproject.org/cgit/rpms/bluez.git/commit/?id=268965a3ff29e5a92a60d2dcf398d9b20a551240
CC: (none) => tmbWhiteboard: (none) => MGA6TOO, MGA5TOO
RedHat bug for bluez: https://bugzilla.redhat.com/show_bug.cgi?id=1489446
Severity: normal => major
RedHat has issued an advisory for bluez: https://access.redhat.com/errata/RHSA-2017:2685 So has Ubuntu: https://usn.ubuntu.com/usn/usn-3413-1/
kernel fixes is coming in upstream stable trees currently being validated... for mga5: 4.4.88, mga6: 4.9.50, cauldron: 4.12.13 So I'll release them all tomorrow for QA
(In reply to Thomas Backlund from comment #4) > kernel fixes is coming in upstream stable trees currently being > validated... for mga5: 4.4.88, mga6: 4.9.50, cauldron: 4.12.13 > > So I'll release them all tomorrow for QA So the issue only remains for bluez. Assigning to the registered bluez maintainer.
Assignee: bugsquad => shlomifCC: (none) => marja11
Full details of these issues: http://openwall.com/lists/oss-security/2017/09/13/4
Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was accidently submittd to tainted/updates_testing.
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOVersion: Cauldron => 6
Fedora has issued an advisory for this on September 13: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AWVMZIXGZ564SXHHRWGEALD7LRSJGI5Q/
(In reply to Shlomi Fish from comment #7) > Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was > accidently submittd to tainted/updates_testing. Then you must re-submit to core/updates_testing.
(In reply to Thomas Backlund from comment #9) > (In reply to Shlomi Fish from comment #7) > > Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was > > accidently submittd to tainted/updates_testing. > > > Then you must re-submit to core/updates_testing. done - thanks!
Thanks Shlomi! Advisory: ======================== Updated bluez packages fixes security vulnerability: An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys (CVE-2017-1000250). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 https://access.redhat.com/security/vulnerabilities/blueborne https://access.redhat.com/errata/RHSA-2017:2685 ======================== Updated packages in core/updates_testing: ======================== bluez-5.28-1.1.mga5 bluez-cups-5.28-1.1.mga5 bluez-hid2hci-5.28-1.1.mga5 libbluez3-5.28-1.1.mga5 libbluez-devel-5.28-1.1.mga5 bluez-5.45-2.1.mga6 bluez-cups-5.45-2.1.mga6 bluez-hid2hci-5.45-2.1.mga6 libbluez3-5.45-2.1.mga6 libbluez-devel-5.45-2.1.mga6 from SRPMS: bluez-5.28-1.1.mga5.src.rpm bluez-5.45-2.1.mga6.src.rpm
CC: (none) => shlomifAssignee: shlomif => qa-bugs
mga5 x86_64 Installed the updates from Updates Testing. Ran blueman-assistant to discover the USB bluetooth adapter and paired a Bose Mini Soundlink then configured sound via pavucontrol. Played "Let The Bright Seraphim" using mplayer. $ bluetoothctl [NEW] Controller <MAC address> vega [default] [NEW] Device 00:0C:8A:9D:21:C3 Bose Mini SoundLink [bluetooth]# version Version 5.28 [bluetooth]# info 00:0C:8A:9D:21:C3 Device 00:0C:8A:9D:21:C3 Name: Bose Mini SoundLink Alias: Bose Mini SoundLink Class: 0x240428 Icon: audio-card Paired: yes Trusted: yes Blocked: no Connected: yes LegacyPairing: no UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb) UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb) UUID: Advanced Audio Distribu.. (0000110d-0000-1000-8000-00805f9b34fb) UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb) Good enough.
CC: (none) => tarazed25
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
mga6 x86_64 rfkill is useful for checking the status of wireless devices. $ rfkill list 0: phy0: Wireless LAN Soft blocked: no Hard blocked: no 1: hci0: Bluetooth Soft blocked: no Hard blocked: no Installed the bluetooth packages from Updates Testing. Ran bluetoothctl in a terminal to check what was happening under the hood. Invoked blueman-assistant to search for devices in range of the BT USB adapter. It found the HP Officejet 100 printer and the Samsung TV in the other room, the Mini Soundlink and the Damson Cisor. Paired with the Mini Soundlink and played an organ concerto. Switched off the Mini Soundlink and paired with the Damson Cisor and played more music. Had a go at connecting the printer; it paired OK with the passcode of 000000, but no contact. At least it was detected and the identification string returned. More experimentation needed. The basics are there so it gets an OK.
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
mga6 x86_64 A little more digging behind the scenes. The hci utilities are installed and l2ping but I am unsure of bluetoothd. It does not seem to run as a service. Just checked services and found bluetooth running; $ systemctl status bluetooth ● bluetooth.service - Bluetooth service Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor pr Active: active (running) since Thu 2017-09-14 21:05:11 BST; 1h 19min ago Docs: man:bluetoothd(8) Main PID: 21079 (bluetoothd) Status: "Running" CGroup: /system.slice/bluetooth.service └─21079 /usr/libexec/bluetooth/bluetoothd $ urpmq --whatrequires bluez | sort -u anyremote bluedevil blueman bluez connman ganyremote gnome-bluetooth gnome-user-share lib64qt5bluetooth5 libqt5bluetooth5 networkmanager-bluetooth perl-Net-Bluetooth If you are using Plasma bluedevil is the native manager. Run bluedevil-wizard from the commandline. Invoking bluedevil from the menu places a bt icon in the panel IIRC. That gives you access to management functions.
Thanks Len for both release tests, 64-bit. Warrants pushing. Advisoried.
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0350.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
(In reply to Shlomi Fish from comment #7) > Submitted updates to Cauldron/mga6/mga5. Note that the mga6 update was > accidently submittd to tainted/updates_testing. @sysadmins: could this package be removed from tainted/updates_testing, please? It's there for more than a year.