Could allow a remote attacker to pair to Bluetooth devices

Jan 14, 2019 17:03 GMT

Canonical announced today the availability of a security patch for the GNOME Bluetooth tools inside its Ubuntu 18.04 LTS (Bionic Beaver) operating system to address a vulnerability that could allow unintended access to devices.

Security researcher Chris Marchesi recently discovered a security vulnerability, documented as CVE-2018-10910, in the BlueZ Linux Bluetooth stack, which made it incorrectly handle disabling Bluetooth visibility, allowing a remote attacker to possibly pair to Bluetooth devices.

Canonical was quick to release patched versions of the BlueZ components today for the long-term supported Ubuntu 18.04 LTS (Bionic Beaver) operating system series, addressing the security vulnerability, which might also affect all of the derivatives of Ubuntu 18.04 LTS, including Xubuntu, Kubuntu, Lubuntu, and Ubuntu MATE.

Ubuntu 18.04 LTS users urged to update their systems

Canonical urges all Ubuntu 18.04 LTS users to update their systems immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages, which are available for download right now from the official repositories. To update, follow the instructions at https://wiki.ubuntu.com/Security/Upgrades.

Usually, running the "sudo apt update && sudo apt full-upgrade" command in the Terminal app should install the new package versions, but you can also use a graphical package manager like Synaptic or Ubuntu Software to install the latest updates and security patches. Canonical recommends you reboot your computer after a standard system update.
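A post-update check for the fix described above, added here as an example that is not part of the original article or of Canonical's advisory: it compares the installed versions of the two packages named in the article against 3.28.0-2ubuntu0.1 using dpkg's own version ordering. The function names are illustrative.

```shell
#!/bin/sh
# Added example: confirm the fixed GNOME Bluetooth packages are installed.
# Package names and the fixed version are the ones given in the article.
FIXED="3.28.0-2ubuntu0.1"
PACKAGES="gnome-bluetooth libgnome-bluetooth13"

# Print the version of a fully installed package, or nothing if it is
# not installed (removed, never installed, or dpkg is unavailable).
installed_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' "$1" 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# Classify a version string as absent, patched, or vulnerable.
# dpkg --compare-versions applies Debian ordering, so a revision such as
# "2" sorts before "2ubuntu0.1".
classify() {
    if [ -z "$1" ]; then
        echo absent
    elif dpkg --compare-versions "$1" ge "$FIXED"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report every package; return 1 if any is older than the fixed version.
check_all() {
    rc=0
    for pkg in $PACKAGES; do
        state=$(classify "$(installed_version "$pkg")")
        echo "$pkg: $state"
        if [ "$state" = vulnerable ]; then
            rc=1
        fi
    done
    return "$rc"
}

check_all || echo "Update needed: sudo apt update && sudo apt full-upgrade"
```

A package reported as absent is not installed on the system, so there is nothing to update for it.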

The GNOME Bluetooth vulnerability is confirmed not to affect other supported Ubuntu releases, such as Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 16.04 LTS (Xenial Xerus), or Ubuntu 18.10 (Cosmic Cuttlefish), but it might affect other Linux-based operating systems, so check your repos for recent updates to BlueZ and the GNOME Bluetooth tools and install them as soon as possible.