openSUSE-SU-2021:0522-1

Published: 08 Apr 2021
Source: suse-cvrf

Description

Security update for fwupd

This update for fwupd fixes the following issues:

  • Update to version 1.2.14: (bsc#1182057)
  • Add SBAT section to EFI images (bsc#1182057)
  • CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Package list

openSUSE Leap 15.2
dfu-tool-1.2.14-lp152.3.9.1
fwupd-1.2.14-lp152.3.9.1
fwupd-devel-1.2.14-lp152.3.9.1
fwupd-lang-1.2.14-lp152.3.9.1
libfwupd2-1.2.14-lp152.3.9.1
typelib-1_0-Fwupd-2_0-1.2.14-lp152.3.9.1

Description

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

Affected products
openSUSE Leap 15.2:dfu-tool-1.2.14-lp152.3.9.1
openSUSE Leap 15.2:fwupd-1.2.14-lp152.3.9.1
openSUSE Leap 15.2:fwupd-devel-1.2.14-lp152.3.9.1
openSUSE Leap 15.2:fwupd-lang-1.2.14-lp152.3.9.1

References
Vulnerability openSUSE-SU-2021:0522-1