Lucene search

RedHatRHSA-2020:4436

HistoryNov 03, 2020 - 12:04 p.m.

(RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update

2020-11-0312:04:30

access.redhat.com

gnome-software

fwupd

security fix

firmware update

red hat enterprise linux 8.3

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

18.0%

JSON

The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop.

The appstream-data package provides the distribution specific AppStream metadata required for the GNOME and KDE software centers.

The fwupd packages provide a service that allows session software to update device firmware.

The following packages have been upgraded to a later upstream version: gnome-software (3.36.1), fwupd (1.4.2).

Security Fix(es):

fwupd: Possible bypass in signature verification (CVE-2020-10759)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64libxmlb-tests-debuginfo< 0.1.15-1.el8libxmlb-tests-debuginfo-0.1.15-1.el8.aarch64.rpm
RedHat8ppc64lefwupd< 1.4.2-4.el8fwupd-1.4.2-4.el8.ppc64le.rpm
RedHat8aarch64gnome-software-debuginfo< 3.36.1-4.el8gnome-software-debuginfo-3.36.1-4.el8.aarch64.rpm
RedHat8x86_64libxmlb-debugsource< 0.1.15-1.el8libxmlb-debugsource-0.1.15-1.el8.x86_64.rpm
RedHat8ppc64legnome-software-debuginfo< 3.36.1-4.el8gnome-software-debuginfo-3.36.1-4.el8.ppc64le.rpm
RedHat8aarch64gnome-software< 3.36.1-4.el8gnome-software-3.36.1-4.el8.aarch64.rpm
RedHat8s390xfwupd< 1.4.2-4.el8fwupd-1.4.2-4.el8.s390x.rpm
RedHat8s390xlibxmlb-debuginfo< 0.1.15-1.el8libxmlb-debuginfo-0.1.15-1.el8.s390x.rpm
RedHat8x86_64libxmlb< 0.1.15-1.el8libxmlb-0.1.15-1.el8.x86_64.rpm
RedHat8noarchappstream-data< 8-20200724.el8appstream-data-8-20200724.el8.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	libxmlb-tests-debuginfo	< 0.1.15-1.el8	libxmlb-tests-debuginfo-0.1.15-1.el8.aarch64.rpm
RedHat	8	ppc64le	fwupd	< 1.4.2-4.el8	fwupd-1.4.2-4.el8.ppc64le.rpm
RedHat	8	aarch64	gnome-software-debuginfo	< 3.36.1-4.el8	gnome-software-debuginfo-3.36.1-4.el8.aarch64.rpm
RedHat	8	x86_64	libxmlb-debugsource	< 0.1.15-1.el8	libxmlb-debugsource-0.1.15-1.el8.x86_64.rpm
RedHat	8	ppc64le	gnome-software-debuginfo	< 3.36.1-4.el8	gnome-software-debuginfo-3.36.1-4.el8.ppc64le.rpm
RedHat	8	aarch64	gnome-software	< 3.36.1-4.el8	gnome-software-3.36.1-4.el8.aarch64.rpm
RedHat	8	s390x	fwupd	< 1.4.2-4.el8	fwupd-1.4.2-4.el8.s390x.rpm
RedHat	8	s390x	libxmlb-debuginfo	< 0.1.15-1.el8	libxmlb-debuginfo-0.1.15-1.el8.s390x.rpm
RedHat	8	x86_64	libxmlb	< 0.1.15-1.el8	libxmlb-0.1.15-1.el8.x86_64.rpm
RedHat	8	noarch	appstream-data	< 8-20200724.el8	appstream-data-8-20200724.el8.noarch.rpm