You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa fwupd

Sigurnosni nedostatak programskog paketa fwupd

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-ad1c74c2a1
2020-06-26 01:06:35.371435
——————————————————————————–

Name : fwupd
Product : Fedora 31
Version : 1.3.10
Release : 1.fc31
URL : https://github.com/fwupd/fwupd
Summary : Firmware update daemon
Description :
fwupd is a daemon to allow session software to update device firmware.

——————————————————————————–
Update Information:

– New upstream release – Actually reload the DFU device after upgrade has
completed – Capture the dock SKU in report metadata – Correctly set the Logitech
device protocol – Do not use shim for non-secure boot configurations – Ensure
that the DeviceID is set for child devices – Fix an error when detaching MSP430
– Fix the DeviceID set by GetDetails – Force the prometheus minor version from
0x02 to 0x01 – Parse the CSR firmware as a DFU file – Prevent dell-dock updates
to occur via synaptics-mst plugin – Rather than hardcoding thunderbolt to PCI
slot numbers, use domain in GUID – Remove a dock device from the whitelist that
is never going to be updated – Validate that gpgme_op_verify_result() returned
at least one signature – Wait for the cxaudio device to reboot after writing
firmware – Fixes CVE-2020-10759
——————————————————————————–
ChangeLog:

* Tue Jun 9 2020 Richard Hughes <richard@hughsie.com> 1.3.10-1
– New upstream release
– Actually reload the DFU device after upgrade has completed
– Capture the dock SKU in report metadata
– Correctly set the Logitech device protocol
– Do not use shim for non-secure boot configurations
– Ensure that the DeviceID is set for child devices
– Fix an error when detaching MSP430
– Fix the DeviceID set by GetDetails
– Force the prometheus minor version from 0x02 to 0x01
– Parse the CSR firmware as a DFU file
– Prevent dell-dock updates to occur via synaptics-mst plugin
– Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID
– Remove a dock device from the whitelist that is never going to be updated
– Validate that gpgme_op_verify_result() returned at least one signature
– Wait for the cxaudio device to reboot after writing firmware
– Fixes CVE-2020-10759
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-ad1c74c2a1’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

AutorFilip Zagar
Cert idNCERT-REF-2020-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa microcode_ctl

Otkriveni su sigurnosni nedostaci u programskom paketu microcode_ctl za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje informacija. Savjetuje...

Close