Описание
Security update for fwupd
This update for fwupd fixes the following issues:
- Update to version 1.2.14: (bsc#1182057)
- Add SBAT section to EFI images (bsc#1182057)
- CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
fwupd-1.2.14-5.8.2
fwupd-devel-1.2.14-5.8.2
fwupd-lang-1.2.14-5.8.2
libfwupd2-1.2.14-5.8.2
typelib-1_0-Fwupd-2_0-1.2.14-5.8.2
Ссылки
- Link for SUSE-SU-2021:1107-1
- E-Mail link for SUSE-SU-2021:1107-1
- SUSE Security Ratings
- SUSE Bug 1172643
- SUSE Bug 1182057
- SUSE CVE CVE-2020-10759 page
Описание
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fwupd-1.2.14-5.8.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fwupd-devel-1.2.14-5.8.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:fwupd-lang-1.2.14-5.8.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libfwupd2-1.2.14-5.8.2
Ссылки
- CVE-2020-10759
- SUSE Bug 1172643