Bluetooth security issue

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Bluetooth security issue

#1 Post by GarryRicketson »

For me this is a non issue, I don't use it, but I know many users do.

https://www.kb.cert.org/vuls/id/240311
These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device.

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Bluetooth security issue

#2 Post by Wheelerof4te »

I don't use it either. I am still baffled why I need it on my notebook when copying with a USB from my smartphone is faster.

And that name "BlueBorne", haha. Clearly someone who likes Fromsoft games.

VentGrey
Posts: 171
Joined: 2016-04-26 23:57
Location: Guanajuato México

Re: Bluetooth security issue

#3 Post by VentGrey »

Dear Debian, good thing I do not use Bluetooth. :mrgreen: I feel sorry for the KDE Connect guys tho :P
I would exchange everything I know in exchange for half of what I don't.

pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

#4 Post by pylkko »

But you do realize that a fix for this was issued the 13th of Sep already? That's, what, three days before you post about it.
https://www.debian.org/security/2017/dsa-3972

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Bluetooth security issue

#5 Post by GarryRicketson »

Well, no, since I do not use this bluez package, nor Bluetooth, I did not know that.
"That's, what, three days before you post about it."
13 Sept, yes, that was 3 days ago... so should I remove my post?

In any event, now those that do use it also know there is a fix.
And my apology for posting it 3 days after a fix was made.

RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: Bluetooth security issue

#6 Post by RU55EL »

GarryRicketson wrote: [...]
And my apology for posting it 3 days after a fix was made.
No need to apologize Garry. Your post is a good reminder to everyone to keep their system updated.

pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

#7 Post by pylkko »

When I said: "you do realize.." I wasn't referring to Garry alone. I was referring to the fact that three posts are "gloating" on the issue not even realizing it is fixed. :roll:

Bluetooth is not a good protocol for file transfer (from a mobile phone for example). But it is really good for a lot of things (low latency, low power consumption). For example, I created a Debian based RC car which uses serial over Bluetooth controlled from a phone. Try to pull that off in any sensible sense with some other protocol. Wi-Fi is an option, but power hungry and you most likely need a router or network, RF or infrared... yes, but how do you connect it to a phone? What about audio streaming? Yeah, sure, you can stream over Wi-Fi, but considering the power usage it does not make a lot of sense in all situations...

But yes, Garry. I actually think that it is immoral - in a way - that in that other thread (http://forums.debian.net/viewtopic.php?f=7&t=134698) you told a guy that was attempting to use a Bluetooth device (that he needs for work!) to not use it because "bluetooth is insecure". Then you referenced a vulnerability that is already fixed. All networking protocols and software have vulnerabilities, yet you are not advocating the non-use of Wi-Fi or Ethernet etc. You don't like Bluetooth. Fine, but say it then. To me that post read as trying to masquerade your opinion as fact.

For what it's worth, people should notice that this vulnerability is fixed in bluez 5.47 upstream. That means that currently it is not fixed in Debian testing (5.45) and Sid (5.46), only in Stretch and Jessie.

pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: Bluetooth security issue

#8 Post by pylkko »

The upstream fix entered Buster just a few days ago. So that's about 2 weeks later than for stable. So when people wonder what "official" security updates are... here is your answer.
