Additional information:

There are a lot of conditions based on this flaw.

The first is 'dual mode' support.

You can check to see if your system has 'dual mode' support with the hciconfig tool as shown below.

# sudo hciconfig hci0 features
hci0:	Type: Primary  Bus: USB
	BD Address: 7C:E9:D3:EA:77:53  ACL MTU: 1021:8  SCO MTU: 64:1
	Features page 0: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
		<3-slot packets> <5-slot packets> <encryption> <slot offset> 
		<timing accuracy> <role switch> <sniff mode> <RSSI> 
		<channel quality> <SCO link> <HV2 packets> <HV3 packets> 
		<u-law log> <A-law log> <CVSD> <paging scheme> <power control> 
		<transparent SCO> <broadcast encrypt> <EDR ACL 2 Mbps> 
		<EDR ACL 3 Mbps> <enhanced iscan> <interlaced iscan> 
		<interlaced pscan> <inquiry with RSSI> <extended SCO> 
		<EV4 packets> <EV5 packets> <AFH cap. slave> 
		<AFH class. slave> <LE support> <3-slot EDR ACL> 
		<5-slot EDR ACL> <sniff subrating> <pause encryption> 
		<AFH cap. master> <AFH class. master> <EDR eSCO 2 Mbps> 
		<EDR eSCO 3 Mbps> <3-slot EDR eSCO> <extended inquiry> 
		<LE and BR/EDR> <simple pairing> <encapsulated PDU> 
		<err. data report> <non-flush flag> <LSTO> <inquiry TX power> 
		<EPC> <extended features> 

The have "<LE and BR/EDR>" means that this has dual mode.

If you have dual mode, and dont use the new "low energy" mode, this can be immedately modified in the /etc/bluetooth/main.conf 

# Restricts all controllers to the specified transport. Default value
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
# Possible values: "dual", "bredr", "le"
#ControllerMode = dual

Setting this to the "bredr" mode should mitigate the flaw, restarting bluetoothd service should effectively disable bluetooth low energy and require connection between devices to use normal bluetooth.

Unfortunately, I do not believe that there is a  software or firmware fix that can be implemented at this time.  This is a protocol level flaw.