Go to listing page

Canonical releases security patch For Ubuntu 18.04 LTS, Fixes GNOME Bluetooth Vulnerability

Canonical releases security patch For Ubuntu 18.04 LTS, Fixes GNOME Bluetooth Vulnerability
  • Ubuntu developer Canonical introduced security patches for Bionic Beaver (18.04 LTS) after a security researcher identified a security flaw.
  • The flaw is reportedly present in the BlueZ Linux Bluetooth stack making it accessible to attackers.

Yesterday, Canonical -- the company behind Ubuntu’s development, announced a couple of security patches for Ubuntu 18.04 LTS series. Also known as ‘Bionic Beaver’, 18.04 LTS was detected with a security vulnerability in its Linux Bluetooth Stack. Apparently, the GNOME tool which manages Bluetooth visibility in the OS allows access to outsiders to pair Bluetooth devices.

Cybersecurity researcher Chris Marchesi found that BlueZ -- which houses Bluetooth modules in Ubuntu, was incorrectly handling Bluetooth visibility. Canonical calls this Bluez-GNOME vulnerability as ‘CVE-2018-10910’ and has put out security updates for Ubuntu 18.04 LTS.

On the other hand, this security issue seems to not have affected other Ubuntu’s Long Term Supported (LTS) OS series such as Trusty Tahr, Xenial Xerus and Cosmic Cuttlefish. However, it can spread to different derivatives of Bionic Beaver like Xubuntu 18.04, Kubuntu 18.04, Lubuntu 18.04 and Ubuntu MATE.

Users informed about the update

According to Softpedia News, Canonical suggested Ubuntu 18.04 users to update with the patch. “Canonical urges all Ubuntu 18.04 LTS users to update their systems immediately to the gnome-bluetooth 3.28.0-2ubuntu0.1 and libgnome-bluetooth13 3.28.0-2ubuntu0.1 packages, which are available for download right now from the official repositories. To update, follow the instructions at https://wiki.ubuntu.com/Security/Upgrades.”

The aforementioned site indicates that two commands '$ sudo apt-get update' and '$ sudo apt-get dist-upgrade' entered in the Terminal should suffice to install updates. Alternatively, automatic updates can also be set in the server by running the unattended-upgrade package. Finally, updates require a system reboot to function correctly.

Cyware Publisher