Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7: MGASA-2021-0158 Moderate: fwupd PGP Signature Bypass

mageia
Calendar Grey March 30, 2021
Dist Mageia Esm H88
MGASA-2021-0159 outlines a significant security update for fwupd, resolving a vulnerability concerning the bypassing of PGP signature checks during the installation of firmware.
A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware (CVE-2020-10759)

Summary

A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware (CVE-2020-10759).

References

- https://bugs.mageia.org/show_bug.cgi?id=26854

- https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md

- - https://www.cve.org/CVERecord?id=CVE-2020-10759

Topics%20covered

Topics Covered

security advisory moderate security fix moderate severity firmware issue signature bypass Mageia mageia fwupd PGP bypass

Resolution

SRPMS

- 7/core/fwupd-1.2.8-1.1.mga7

Publication date: 30 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0158.html
Type: security
CVE: CVE-2020-10759

Topics%20covered

Topics Covered

security advisory moderate security fix moderate severity firmware issue signature bypass Mageia mageia fwupd PGP bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here