fwupd

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Simple daemon to allow session software to update firmware
Version 2.0.3-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1186 0.1.2-1 1.4.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-10759 AVG-1186 High Yes Insufficient validation
A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a...