openSUSE-SU-2020:0849-1

Опубликовано: 22 июн. 2020

Источник: suse-cvrf

Описание

Security update for fwupd

This update for fwupd fixes the following issues:

CVE-2020-10759: Fixed a potential PGP signature bypass, which could have led to installation of unsigned firmware (bsc#1172643)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

dfu-tool-1.0.9-lp151.2.3.1

fwupd-1.0.9-lp151.2.3.1

fwupd-devel-1.0.9-lp151.2.3.1

fwupd-lang-1.0.9-lp151.2.3.1

libfwupd2-1.0.9-lp151.2.3.1

typelib-1_0-Fwupd-2_0-1.0.9-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TGXSUS6KL5LOKOYMKKEHV3YKHOLTZOGU/
E-Mail link for openSUSE-SU-2020:0849-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172643
SUSE Bug 1172643
https://www.suse.com/security/cve/CVE-2020-10759/
SUSE CVE CVE-2020-10759 page

Описание

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

Затронутые продукты

openSUSE Leap 15.1:dfu-tool-1.0.9-lp151.2.3.1

openSUSE Leap 15.1:fwupd-1.0.9-lp151.2.3.1

openSUSE Leap 15.1:fwupd-devel-1.0.9-lp151.2.3.1

openSUSE Leap 15.1:fwupd-lang-1.0.9-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-10759.html
CVE-2020-10759
https://bugzilla.suse.com/1172643
SUSE Bug 1172643

openSUSE-SU-2020:0849-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-10759

Описание

Затронутые продукты

Ссылки