OESA-2022-1801

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1801
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1801.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1801
Published
2022-08-05T11:04:05Z
Modified
2025-09-03T06:16:56.369318Z
Summary
fwupd security update
Details

fwupd aims to make updating firmware on Linux automatic, safe and reliable.

Security Fix(es):

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2020-10759)

Database specific
{
    "severity": "Medium"
}

Affected packages

openEuler:20.03-LTS-SP1 / fwupd

Package

Name
fwupd
Purl
pkg:rpm/openEuler/fwupd&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.9-5.oe1

Ecosystem specific

{
    "x86_64": [
        "fwupd-debugsource-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-debuginfo-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-devel-1.2.9-5.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "fwupd-debuginfo-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-debugsource-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-devel-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-1.2.9-5.oe1.aarch64.rpm"
    ],
    "noarch": [
        "fwupd-help-1.2.9-5.oe1.noarch.rpm"
    ],
    "src": [
        "fwupd-1.2.9-5.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / fwupd

Package

Name
fwupd
Purl
pkg:rpm/openEuler/fwupd&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.9-5.oe1

Ecosystem specific

{
    "x86_64": [
        "fwupd-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-debuginfo-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-debugsource-1.2.9-5.oe1.x86_64.rpm",
        "fwupd-devel-1.2.9-5.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "fwupd-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-debugsource-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-debuginfo-1.2.9-5.oe1.aarch64.rpm",
        "fwupd-devel-1.2.9-5.oe1.aarch64.rpm"
    ],
    "noarch": [
        "fwupd-help-1.2.9-5.oe1.noarch.rpm"
    ],
    "src": [
        "fwupd-1.2.9-5.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / fwupd

Package

Name
fwupd
Purl
pkg:rpm/openEuler/fwupd&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.9-5.oe2203

Ecosystem specific

{
    "x86_64": [
        "fwupd-debugsource-1.2.9-5.oe2203.x86_64.rpm",
        "fwupd-devel-1.2.9-5.oe2203.x86_64.rpm",
        "fwupd-1.2.9-5.oe2203.x86_64.rpm",
        "fwupd-debuginfo-1.2.9-5.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "fwupd-devel-1.2.9-5.oe2203.aarch64.rpm",
        "fwupd-1.2.9-5.oe2203.aarch64.rpm",
        "fwupd-debugsource-1.2.9-5.oe2203.aarch64.rpm",
        "fwupd-debuginfo-1.2.9-5.oe2203.aarch64.rpm"
    ],
    "noarch": [
        "fwupd-help-1.2.9-5.oe2203.noarch.rpm"
    ],
    "src": [
        "fwupd-1.2.9-5.oe2203.src.rpm"
    ]
}