Description
Security update for fwupd
This update for fwupd fixes the following issues:
- CVE-2020-10759: Fixed a potential PGP signature bypass, which could have led to installation of unsigned firmware (bsc#1172643)
Package list
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
fwupd-1.0.9-6.3.1
fwupd-devel-1.0.9-6.3.1
fwupd-lang-1.0.9-6.3.1
libfwupd2-1.0.9-6.3.1
typelib-1_0-Fwupd-2_0-1.0.9-6.3.1
References
- Link for SUSE-SU-2020:1681-1
- E-Mail link for SUSE-SU-2020:1681-1
- SUSE Security Ratings
- SUSE Bug 1172643
- SUSE CVE CVE-2020-10759 page
Description
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or not enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:fwupd-1.0.9-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:fwupd-devel-1.0.9-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:fwupd-lang-1.0.9-6.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libfwupd2-1.0.9-6.3.1
References
- CVE-2020-10759
- SUSE Bug 1172643