
Bluetooth security issue

Posted: 2017-09-16 21:33
by GarryRicketson
For me this is a non issue, I don't use it, but I know many users do.

https://www.kb.cert.org/vuls/id/240311
These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device.

Re: Bluetooth security issue

Posted: 2017-09-16 21:42
by Wheelerof4te
I don't use it either. I am still baffled why I need it on my notebook when copying with a USB from my smartphone is faster.

And that name "BlueBorne", haha. Clearly someone who likes Fromsoft games.

Re: Bluetooth security issue

Posted: 2017-09-17 00:29
by VentGrey
Dear Debian, good thing I do not use Bluetooth. :mrgreen: I feel sorry for the KDE Connect guys tho :P

Re: Bluetooth security issue

Posted: 2017-09-17 01:07
by pylkko
But you do realize that a fix for this was issued the 13th of Sep already? That's, what, three days before you post about it.
https://www.debian.org/security/2017/dsa-3972

Re: Bluetooth security issue

Posted: 2017-09-17 01:51
by GarryRicketson
Well, no, since I do not use this bluez package, nor Bluetooth, I did not know that.
"That's, what, three days before you post about it."
13 Sept, yes, that was 3 days ago... so should I remove my post?

In any event, now those that do use it also know there is a fix.
And my apology for posting it 3 days after a fix was made.

Re: Bluetooth security issue

Posted: 2017-09-17 05:18
by RU55EL
GarryRicketson wrote:[,,,]
And my apology for posting it 3 days after a fix was made.
No need to apologize Garry. Your post is a good reminder to everyone to keep their system updated.

Re: Bluetooth security issue

Posted: 2017-09-17 06:30
by pylkko
When I said: "you do realize.." I wasn't referring to Garry alone. I was referring to the fact that three posts are "gloating" on the issue not even realizing it is fixed. :roll:

Bluetooth is not a good protocol for file transfer (from a mobile phone for example). But it is really good for a lot of things (low latency, low power consumption). For example, I created a Debian-based RC car which uses serial over Bluetooth controlled from a phone. Try to pull that off in any sensible sense with some other protocol. Wi-Fi is an option, but power hungry and you most likely need a router or network, RF or infrared... yes, but how do you connect it to a phone? What about audio streaming? Yeah, sure, you can stream over Wi-Fi, but considering the power usage it does not make a lot of sense in all situations...

But yes, Garry. I actually think that it is immoral - in a way - that in that other thread (http://forums.debian.net/viewtopic.php?f=7&t=134698) you told a guy that was attempting to use a Bluetooth device (that he needs for work!) to not use it because "bluetooth is insecure". Then you referenced a vulnerability that is already fixed. All networking protocols and software have vulnerabilities, yet you are not advocating the non-use of Wi-Fi or Ethernet etc. You don't like Bluetooth. Fine, but say it then. To me that post read as trying to masquerade your opinion as fact.

For what it's worth, people should notice that this vulnerability is fixed in bluez 5.47 upstream. That means that currently it is not fixed in Debian testing (5.45) and Sid (5.46), only in Stretch and Jessie.

Re: Bluetooth security issue

Posted: 2017-10-03 17:27
by pylkko
The upstream fix entered Buster just a few days ago. So that's about 2 weeks later than for stable. So when people wonder what "official" security updates are... here is your answer.