- Vulnerability/
- USN-3856-1
USN-3856-1: GNOME Bluetooth vulnerability
First published: Mon Jan 14 2019(Updated: )
Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/gnome-bluetooth | <3.28.0-2ubuntu0.1 | 3.28.0-2ubuntu0.1 |
| =18.04 | ||
| All of | ||
| ubuntu/libgnome-bluetooth13 | <3.28.0-2ubuntu0.1 | 3.28.0-2ubuntu0.1 |
| =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID for this issue is USN-3856-1.
What software is affected by this vulnerability?
GNOME Bluetooth and libgnome-bluetooth13 packages in Ubuntu 18.04 are affected by this vulnerability.
What is the impact of this vulnerability?
The vulnerability allows a remote attacker to possibly pair with Bluetooth devices.
How can I fix this vulnerability?
To fix this vulnerability, update the gnome-bluetooth and libgnome-bluetooth13 packages to version 3.28.0-2ubuntu0.1 or higher.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the Ubuntu Security Notices (USN-3856-1), the CVE-2018-10910 advisory, and the GNOME Bluetooth package release notes.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04