Security researcher Chris Marchesi recently discovered a security vulnerability, documented as CVE-2018-10910, in the BlueZ Linux Bluetooth stack. The flaw caused the stack to incorrectly handle disabling Bluetooth visibility, possibly allowing a remote attacker to pair with Bluetooth devices.
Canonical was quick to release patched versions of the BlueZ components today for the long-term supported Ubuntu 18.04 LTS (Bionic Beaver) operating system series. The update addresses the security vulnerability, which might also affect all of the derivatives of Ubuntu 18.04 LTS, including Xubuntu, Kubuntu, Lubuntu, and Ubuntu MATE.
Canonical urges all Ubuntu 18.04 LTS users to update their systems immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages, which are available for download right now from the official repositories. To update, follow the instructions at https://wiki.ubuntu.com/Security/Upgrades.
The GNOME Bluetooth vulnerability is confirmed not to affect other supported Ubuntu releases, such as Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 16.04 LTS (Xenial Xerus), or Ubuntu 18.10 (Cosmic Cuttlefish), but it might affect other Linux-based operating systems, so check your repos for recent updates to BlueZ and the GNOME Bluetooth tools and install them as soon as possible.
Submitted by: Arnfried Walbrecht