Regardless of how the bluetooth device works, enabling unbonded devices
in BlueZ makes a computer vulnerable to CVE-2023-45866. It won't be
enabled by the security team.
Perhaps GNOME or other desktops could become more aware of gaming
controllers with these issues to make pairing easier, without
Particularly on the case of PS3 controller, I still think this is a
regression that could be fixed.
PS3 controllers do not use the standard Bluetooth connection procedure.
Instead, they require a connection via USB, and keys are exchanged via
there. There is the special `sixaxis` BlueZ plugin to
** Description changed:
+ [ Workaround ]
+
+ 1. Set ClassicBondedOnly=false in /etc/bluetooth/input.conf
+ 2. Run: systemctl restart bluetooth # or reboot
+
+ [ Original Description ]
+
Once my Ubuntu updated bluez package to 5.64-0ubuntu1.1 I was not able
to connect my PS3 Sixasis
If this is a security issue, the ability to override should at least be
tied to specific MAC address of known devices.
"ClassicBondedOnly" is a confusing name BTW, what is it supposed to
mean?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
Thank you for the clarification! I'll remove the regression-update tag
then, since this is the intended behaviour of the security update, so it
shouldn't count towards regression statistics.
** Tags removed: regression-update
--
You received this bug notification because you are a member of
Hello all o/
This is intentional. And easy to reverse.
The patch for CVE-2023-45866 works as intended and is not a regression.
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
If ClassicBondedOnly is not enforced, a nearby
Looks like this is a reported regression in the security pocket.
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
Reopening because a PIN of is not reported to work (and even if it
did, that would still be a regression in a stable release).
** Changed in: bluez (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: bluez (Ubuntu)
Importance: Undecided => Critical
--
You received this bug
Exact same behavior, and exact same fix. On 5.64-0ubuntu1.1, the
connection attempt results in a PIN prompt ( doesn't work). It
*does* still work over USB.
Per OP, I tried downgrading to 5.64-0ubuntu1 *immediately* corrected the
problem.
--
You received this bug notification because you
I'm having this bug as well. It is a bug cause with current version
Dualshock 3 just doesn't connect, even if you do enter the PIN
code.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
This sounds like it might be a feature and the bug was that previous
versions DIDN'T ask. Try entering PIN:
** Changed in: bluez (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
** Tags added: jammy regression-update
** Changed in: bluez (Ubuntu)
Assignee: (unassigned) => Nishit Majithia (0xnishit)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
12 matches
Mail list logo
