[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
(removing the focal targetting, there is no assigne nor sign it deserve particular handling) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** No longer affects: bluez (Ubuntu Focal) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Tags removed: fixed-upstream -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Also affects: gnome-bluetooth (Ubuntu Focal) Importance: Medium Status: Fix Released ** Also affects: bluez (Ubuntu Focal) Importance: Undecided Status: Confirmed ** Changed in: bluez (Ubuntu Focal) Status: Confirmed => Triaged ** Changed in: bluez (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: bluez (Ubuntu Eoan) Status: Fix Committed => Triaged ** Changed in: bluez (Ubuntu Eoan) Importance: Undecided => Medium ** No longer affects: bluez (Ubuntu Eoan) ** Tags added: fixed-upstream -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Changed in: bluez (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** No longer affects: bluez (Ubuntu Bionic) ** No longer affects: bluez (Ubuntu Cosmic) ** No longer affects: bluez (Ubuntu Disco) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Changed in: gnome-bluetooth (Fedora) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
@Daniel, the urls Bastien shared on the redhat bug are for bluez, he states on the gitlab bug that it's the proper fix where the gnome- bluetooth are improvements for new features to work better -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
And the gnome-bluetooth fix was released in 3.28.2. ** Package changed: bluez (Ubuntu) => gnome-bluetooth (Ubuntu) ** Changed in: gnome-bluetooth (Ubuntu) Status: Fix Committed => Fix Released ** Also affects: gnome-bluetooth (Ubuntu Disco) Importance: Medium Status: Fix Released ** Also affects: gnome-bluetooth (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: gnome-bluetooth (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: gnome-bluetooth (Ubuntu Cosmic) Status: New => Fix Released ** Changed in: gnome-bluetooth (Ubuntu Cosmic) Importance: Undecided => Medium ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10910 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
Although the gnome-bluetooth "fix" sounds like a workaround. So re- adding a bluez task. ** Also affects: bluez (Ubuntu) Importance: Undecided Status: New ** Also affects: gnome-bluetooth (Ubuntu Ee-series) Importance: Undecided Status: New ** Also affects: bluez (Ubuntu Ee-series) Importance: Undecided Status: New ** Changed in: bluez (Ubuntu Ee-series) Status: New => Fix Committed ** No longer affects: gnome-bluetooth (Ubuntu Ee-series) ** Changed in: gnome-bluetooth (Ubuntu Bionic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
Looks like the upstream fix is gnome-bluetooth, not bluez? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
And it seems to be in bionic too: gnome-bluetooth (3.28.0-2ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: work around bluetoothd discoverability issue - debian/patches/CVE-2018-10910.patch: fix Discoverable being reset when turned off in lib/bluetooth-client.c. - CVE-2018-10910 -- Marc Deslauriers Fri, 11 Jan 2019 14:41:45 -0500 ** Changed in: gnome-bluetooth (Ubuntu Bionic) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
That has been fixed in bluez upstream but there has been no new version since ** Package changed: gnome-bluetooth (Ubuntu) => bluez (Ubuntu) ** Changed in: bluez (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
Launchpad has imported 9 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=1602985. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2018-07-19T00:34:47+00:00 Benjamin wrote: Description of problem: Bluetooth is always discoverable; when pairing a new device on my phone, I noticed my laptop, but I did not have the GNOME Bluetooth settings open at the time. Version-Release number of selected component (if applicable): 3.28.0-1.fc28 How reproducible: Always Steps to Reproduce: 1. Boot up, log in 2. Scan for bluetooth devices with a separate computer Actual results: Machine name is displayed on phone Expected results: Machine name should not be displayed (should not be discoverable) Additional info: I can turn off discoverability from a term using bluetoothctl. It seems that opening the Bluetooth settings will make the device discoverable again, but does not make the device undiscoverable after the settings are closed (this is not intended behavior; devices should only be discoverable when the bluetooth settings UI is open). Reply at: https://bugs.launchpad.net/ubuntu/+source/gnome- bluetooth/+bug/1791405/comments/0 On 2018-07-19T10:29:26+00:00 Bastien wrote: (In reply to Benjamin Kreuter from comment #0) > It seems that opening the Bluetooth settings will make the device > discoverable again, but does not make the device undiscoverable after the > settings are closed (this is not intended behavior; devices should only be > discoverable when the bluetooth settings UI is open). It does turn it off. Except that bluetoothd and/or the kernel will fail to make it undiscoverable. Sender ":1.13387" is the Bluetooth settings. See how it requests for "Discoverable" to be switched off, receives a response to the call saying that Discoverable is now off, but receives a signal that Discoverable changed back to "on" after a short time. This is a dbus-monitor capture on exit: method call time=1531995892.499232 sender=:1.13387 -> destination=:1.4 serial=94 path=/org/bluez/hci0; interface=org.freedesktop.DBus.Properties; member=Set string "org.bluez.Adapter1" string "Discoverable" variant boolean false method call time=1531995892.499459 sender=:1.13387 -> destination=:1.4 serial=95 path=/org/bluez/hci0; interface=org.freedesktop.DBus.Properties; member=Set string "org.bluez.Adapter1" string "DiscoverableTimeout" variant uint32 0 method call time=1531995892.499485 sender=:1.13387 -> destination=org.freedesktop.DBus serial=96 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RemoveMatch string "type='signal',sender=':1.4'" method call time=1531995892.499556 sender=:1.13387 -> destination=org.freedesktop.DBus serial=97 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RemoveMatch string "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',arg0='org.bluez'" method return time=1531995892.499563 sender=org.freedesktop.DBus -> destination=:1.13387 serial=69 reply_serial=97 method call time=1531995892.499610 sender=:1.13387 -> destination=org.freedesktop.DBus serial=98 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RemoveMatch string "type='signal',sender='org.bluez',interface='org.freedesktop.DBus.ObjectManager',path='/'" method return time=1531995892.499616 sender=org.freedesktop.DBus -> destination=:1.13387 serial=70 reply_serial=98 method return time=1531995892.499665 sender=:1.4 -> destination=:1.13387 serial=379 reply_serial=95 signal time=1531995892.523461 sender=:1.4 -> destination=(null destination) serial=380 path=/org/bluez/hci0; interface=org.freedesktop.DBus.Properties; member=PropertiesChanged string "org.bluez.Adapter1" array [ dict entry( string "DiscoverableTimeout" variant uint32 0 ) ] array [ ] method return time=1531995892.523489 sender=:1.4 -> destination=:1.13387 serial=381 reply_serial=94 signal time=1531995892.533281 sender=:1.4 -> destination=(null destination) serial=382 path=/org/bluez/hci0; interface=org.freedesktop.DBus.Properties; member=PropertiesChanged string "org.bluez.Adapter1" array [ dict entry( string "Discoverable" variant boolean false ) ] array [ ] signal time=1531995892.551915 sender=:1.4 -> destination=(null destination) serial=383 path=/org/bluez/hci0; interface=org.freedesktop.DBus.Properties; member=PropertiesChanged string "org.bluez.Adapter1" array [ dict entry( string "Discoverable"
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Bug watch added: Red Hat Bugzilla #1602985 https://bugzilla.redhat.com/show_bug.cgi?id=1602985 ** Also affects: gnome-bluetooth (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=1602985 Importance: Unknown Status: Unknown ** Changed in: gnome-bluetooth (Ubuntu) Importance: Undecided => Medium ** Changed in: gnome-bluetooth (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-bluetooth/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Package changed: apport (Ubuntu) => gnome-bluetooth (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-bluetooth/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1791405] Re: bluetooth always in discoverable mode (security issue)
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1791405 Title: bluetooth always in discoverable mode (security issue) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1791405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
