Opened 7 years ago

Closed 7 years ago

#9765 closed defect (fixed)

bluez-5.47

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Among other changes, this release fixes CVE-2017-1000250: "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests."

Publicized as "BlueBorne", https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required - /me is glad he has no bluetooth devices.

Fedora had patched 5.46 with a slightly different fix, but they have now moved to 5.47 and dropped that patch.

Full set of announced changes:

ver 5.47:

Fix issue with handling AcquireNotify registration.

Fix issue with handling support for reconnection interval.

Fix issue with handling A2DP transport and accepting streams.

Fix issue with fallback from BR/EDR to LE bearer handling.

Add support for appearance and local name advertising data.

Add support for retrieving the supported discovery filters.

Add support for decoding Bluetooth 5.0 commands and events.

Add support for decoding Bluetooth Mesh advertising bearer.

Add support for Bluetooth Mesh control application.

Change History (12)

comment:1 by ken@…, 7 years ago

Owner: changed from blfs-book@… to ken@…
Status: new → assigned

comment:2 by ken@…, 7 years ago

I get a segfault in one of the tests. At first I had assumed it was because I don't enable any BT stuff in my kernel, so I built 4.12.13 and turned on all the BT options and drivers. No difference. Then I went back to 5.46 on that same kernel - it too segfaults.

comment:3 by bdubbs@…, 7 years ago

I'll see if I can duplicate it.

comment:4 by bdubbs@…, 7 years ago

All tests pass for me:

Testsuite summary for bluez 5.47
============================================================================
# TOTAL: 25
# PASS:  25
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0

Which test failed for you?

comment:5 by ken@…, 7 years ago

unit/test-gatt : I'm just about to rebuild that kernel. Google finds similar failures in 5.45, 5.46, apparently where CONFIG_CRYPTO_USER is not set.

comment:6 by bdubbs@…, 7 years ago

I have:

CONFIG_CRYPTO=y
...
# CONFIG_CRYPTO_USER is not set

Several of my crypto settings are set, but not CRYPTO_USER.

To be precise, 4.12.7 has 133 CRYPTO settings and I have 47 set.

comment:7 by bdubbs@…, 7 years ago

And also, my log says:

  CC       unit/test-gatt.o
  CCLD     unit/test-gatt
PASS: unit/test-gatt

comment:8 by ken@…, 7 years ago

That config entry did not help. The trigger seems to be a timeout, thread (without obvious conclusion) at https://www.spinics.net/lists/linux-bluetooth/msg70563.html

Before setting that I had 38 CONFIG_CRYPTO items either set or as modules (this is one part of the kernel where a lot of things seem to get added as modules).

For the moment I'm going to note that that test can fail (I don't have the interest in bt to work through the possible config changes, that is a slow machine).

comment:9 by ken@…, 7 years ago

OTOH, that machine is not going to be doing anything useful until I make my next build, so I guess I can work through the options over the next few days.

comment:10 by ken@…, 7 years ago

5.47 applied in r19221. The test failure is not new, and therefore not related to the vulnerability. Keeping this open to try working out which option(s) are needed to fix it.

comment:11 by ken@…, 7 years ago

There is also a bug report at kernel.org, https://bugzilla.kernel.org/show_bug.cgi?id=196621

comment:12 by ken@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r19230.
