[security][solved] Can we get BlueBorne (Bluetooth vulnerabilities) fixed in OTA-2 or OTA-1 hotfix?
-
@Flohack I am with you,on the not delaying part,I am near retirement,I want to see you guys take over the world before ~~~~~
-
@Flohack FYI, probably just got attacked at the local Cafe. Turned on BT for my external keyboard, but keyboard typing was locked up, then an authentication dialog box popped up. I shut the device down ASAP, will do a clean install since God knows what got scribbled.
No BT in public for me until this is fixed!
-
Ok, I've studied the CVE and the patches, and I'm pretty sure I can get this applied for the kernel source net/bluetooth/l2cap_core.c, at least on hammerhead. I can take a similar look if somebody can tell me how to check out the source which includes src/sdpd-request.c.
-
This issue has already been fixed in the hammerhead kernel via this commit. I believe a pull from the upstream Fairphone kernel fixed it, too, but I'll need to get confirmation.
This fix has not been released to anything but the devel channel.
-
From Community Update 15:
People have been asking about the KRACK and BlueBorne vulnerabilities lately, and for good reason. These are highly public explots. Both have been fixed in the RC and Devel channels, with the fixes landing in Stable with the next OTA.
-
@Talkless Are they todays OTA's or future ones. Thanks
-
@Lakota said in [security][solved] Can we get BlueBorne (Bluetooth vulnerabilities) fixed in OTA-2 or OTA-1 hotfix?:
@Talkless Are they todays OTA's or future ones. Thanks
"next OTA", the future one.
-
@Talkless Thanks for clearing that up. Wasn't sure only read your comments after yesterday OT A's.
-
@Lakota said in [security][solved] Can we get BlueBorne (Bluetooth vulnerabilities) fixed in OTA-2 or OTA-1 hotfix?:
@Talkless Thanks for clearing that up. Wasn't sure only read your comments after yesterday OT A's.
Uhm, what do you mean "after yesterday OT A's" ?
It will be fixed on OTA-3, if I understood correctly, which is not yet released AFAIK.
-
@Talkless Had forgotten mine are now on RC channel not stable and updated to r14 yesterday. Or am I getting mixed up with things and OTA's.
