1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • fwupd vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, June 15, 2020 12:10:04
    fwupd vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    fwupd could be made to install an unsigned firmware.

    Software Description

    * fwupd - Firmware update daemon

    Details

    Justin Steven discovered that fwupd incorrectly handled certain
    signature verification. An attacker could possibly use this issue
    to install an unsigned firmware.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    fwupd - 1.3.9-4ubuntu0.1
    libfwupd2 - 1.3.9-4ubuntu0.1

    Ubuntu 19.10
    fwupd - 1.2.10-1ubuntu4.1
    libfwupd2 - 1.2.10-1ubuntu4.1

    Ubuntu 18.04 LTS
    fwupd - 1.2.10-1ubuntu2~ubuntu18.04.5
    libfwupd2 - 1.2.10-1ubuntu2~ubuntu18.04.5

    Ubuntu 16.04 LTS
    fwupd - 0.8.3-0ubuntu5.1
    libfwupd1 - 0.8.3-0ubuntu5.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-10759

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)