appstream-data-8-20200724.el8, fwupd-1.4.2-4.0.2.el8, gnome-software-3.36.1-4.el8, libxmlb-0.1.15-1.el8
エラータID: AXSA:2021-1476:01
リリース日:
2021/02/16 Tuesday - 05:53
題名:
appstream-data-8-20200724.el8, fwupd-1.4.2-4.0.2.el8, gnome-software-3.36.1-4.el8, libxmlb-0.1.15-1.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- fwupd には、PGP署名をバイパスできる問題があり、署名のない
ファームウェアがインストールされる可能性のある脆弱性があります。
(CVE-2020-10759)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
追加情報:
N/A
ダウンロード:
SRPMS
- appstream-data-8-20200724.el8.src.rpm
MD5: 29954b56fc028d22afdd4376c1411cc3
SHA-256: b73803f42d4f2f80a030c7c55df0777e1be4493742f55318323fb2afef21c777
Size: 4.09 MB - fwupd-1.4.2-4.0.2.el8.src.rpm
MD5: 888af517136325dc2c2d94dc89b08b75
SHA-256: 00176b115677f8b71a4d9f7ba6d19cc4e5b260b264b5abb73adfcfdee258164b
Size: 1.72 MB - gnome-software-3.36.1-4.el8.src.rpm
MD5: 18eabcd7d03d8559f3f6e2bd59f29ccc
SHA-256: e90a1386a6cd736d31d0ee1306a388c2c88ea42d10a8781d5d1ef7de15e24126
Size: 7.94 MB - libxmlb-0.1.15-1.el8.src.rpm
MD5: 2c4b142433caaaf168a87f8d78d0fe4d
SHA-256: 6509c9fc6b4e2a38089f37f5485ee533d343d7dac5e95dc6ed8e1ef3e8ece690
Size: 81.17 kB
Asianux Server 8 for x86_64
- appstream-data-8-20200724.el8.noarch.rpm
MD5: c105b1a519bb9fcccf963a38e3b50f18
SHA-256: a8f18c5506ce49880338e7251658ebe72d1cd55dca8cff89ac7b56fa13e8ba2f
Size: 4.11 MB - fwupd-1.4.2-4.0.2.el8.x86_64.rpm
MD5: da89c143a35c7f676cd41075f66a1a57
SHA-256: 1305d26289ebe67f91a92e65b045bf04aee7120d85134c85db2c0f8eb2db9125
Size: 2.87 MB - gnome-software-3.36.1-4.el8.x86_64.rpm
MD5: 62ad3d2fb073d40613f00d62d061fd28
SHA-256: 7ebcbfa9524941473ef86526617eee160f588ec46d43eef9e8a9936782976656
Size: 7.47 MB - libxmlb-0.1.15-1.el8.x86_64.rpm
MD5: 80be4f9b2ff137de690228afac2b546d
SHA-256: e333995c1b11c10acd70fba916a82b792bcc4fe41a0b4e3ede32edc91737b9c6
Size: 89.70 kB - libxmlb-0.1.15-1.el8.i686.rpm
MD5: e83b140275d58b6ac9e1072cc6766c91
SHA-256: 1966bd2c77a4879d318407e7e43f31ac791400b64cbd4689dff13c76f2dceec9
Size: 93.86 kB