Description
ELSA-2020-4436: gnome-software and fwupd security, bug fix, and enhancement update (LOW)
appstream-data [8-20200724]
- Regenerate the RHEL metadata to include the EPEL apps too
- Resolves: #1844488
[8-20200630]
- Regenerate the RHEL metadata
- Resolves: #1844488
fwupd [1.4.2-4.0.1]
- Build with the updated Oracle certificate
- Use oraclesecureboot301 as certdir [Orabug: 29881368]
- Use new signing certificate (Alex Burmashev)
[1.4.2-4]
- Add signing with redhatsecureboot503 cert
- Related: CVE-2020-10713
[1.4.2-3]
- Obsolete the now-dead fwupdate package to prevent file conflicts
- Resolves: #1859202
[1.4.2-2]
- Security fix for CVE-2020-10759
- Resolves: #1844324
[1.4.2-1]
- New upstream release
- Backport a patch to fix the synaptics fingerprint reader update.
- Resolves: #1775277
[1.4.1-1]
- New upstream release
- Resolves: #1775277
gnome-software [3.36.1-4]
- Fix 'Show Details' to correctly work for rpm-installed firefox
- Resolves: #1845714
[3.36.1-3]
- Upload correct 3.36.1 tarball
- Fix hardcoded desktop and appdata names to match what's in RHEL 8.3
- Add back shell extensions support
- Resolves: #1839774
[3.36.1-2]
- Add support for basic auth and webflow auth in flatpak plugin
- Resolves: #1815502
[3.36.1-1]
- Update to 3.36.1
- Resolves: #1797932
libxmlb [0.1.15-1]
- Initial release for RHEL
Updated packages
Oracle Linux 8
Oracle Linux aarch64
- appstream-data 8-20200724.el8
- fwupd 1.4.2-4.0.1.el8
- gnome-software 3.36.1-4.el8
- libxmlb 0.1.15-1.el8
Oracle Linux x86_64
- appstream-data 8-20200724.el8
- fwupd 1.4.2-4.0.1.el8
- gnome-software 3.36.1-4.el8
- libxmlb 0.1.15-1.el8
Related CVEs
Related vulnerabilities
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or not enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.