Bug 683230 (CVE-2018-10910) - <net-wireless/bluez-5.51: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910)
Status: RESOLVED FIXED
Alias: CVE-2018-10910
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-13 09:33 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-26 19:09 UTC

See Also:
Package list:
net-wireless/bluez-5.51 dev-libs/ell-0.23
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-04-13 09:33:39 UTC
CVE-2018-10910 (https://nvd.nist.gov/vuln/detail/CVE-2018-10910):
  A bug in Bluez may allow for the Bluetooth Discoverable state being set to
  on when no Bluetooth agent is registered with the system. This situation
  could lead to the unauthorized pairing of certain Bluetooth devices without
  any form of authentication. Versions before bluez 5.51 are vulnerable.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-13 09:36:19 UTC
bluez-5.51 (not yet released) should contain the patches (https://bugzilla.redhat.com/show_bug.cgi?id=1602985).
Comment 2 Larry the Git Cow gentoo-dev 2019-09-29 11:01:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01275fe1564faa3c830bca4b0ea900fb44bafb0f

commit 01275fe1564faa3c830bca4b0ea900fb44bafb0f
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2019-09-29 10:58:47 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2019-09-29 10:58:47 +0000

    net-wireless/bluez: Version bump to 5.51
    
    - Follow Fedora for installing few more needed extra-tools, AutoEnable
      bluetooth as soon as possible for keyboard/mouse devices.
    - Install example files for meshctl (#662110)
    - Fix QA issues (#694852)
    
    Closes: https://bugs.gentoo.org/662110
    Bug: https://bugs.gentoo.org/683230
    Closes: https://bugs.gentoo.org/694852
    Closes: https://bugs.gentoo.org/695316
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 net-wireless/bluez/Manifest                      |   1 +
 net-wireless/bluez/bluez-5.51.ebuild             | 285 +++++++++++++++++++++++
 net-wireless/bluez/files/69-btattach-bcm.rules   |  33 +++
 net-wireless/bluez/files/bluetooth-init.d-r4     |   2 +-
 net-wireless/bluez/files/btattach-bcm-service.sh |  30 +++
 net-wireless/bluez/files/btattach-bcm_at.service |   6 +
 6 files changed, 356 insertions(+), 1 deletion(-)
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-06 21:30:20 UTC
x86 stable
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2019-10-07 04:34:08 UTC
arm64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-10-07 08:42:53 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-10-07 09:47:48 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-10-07 09:53:10 UTC
ppc64 stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-11-01 10:28:42 UTC
arm stable
Comment 9 Pacho Ramos gentoo-dev 2020-03-11 13:37:27 UTC
older versions were cleaned
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 19:02:01 UTC
Tree is clean.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-26 19:09:16 UTC
GLSA Vote: No

Repository is clean, all done!