Arch Linux 803 Published by

A libjcat security update has been released for Arch Linux.



ASA-202007-6: libjcat: insufficient validation


Arch Linux Security Advisory ASA-202007-6
========================================
Severity: High
Date : 2020-07-31
CVE-ID : CVE-2020-10759
Package : libjcat
Type : insufficient validation
Remote : Yes
Link :   https://security.archlinux.org/AVG-1185

Summary
======
The package libjcat before version 0.1.3-1 is vulnerable to
insufficient validation.

Resolution
=========
Upgrade to 0.1.3-1.

# pacman -Syu "libjcat>=0.1.3-1"

The problem has been fixed upstream in version 0.1.3.

Workaround
=========
None.

Description
==========
A PGP signature verification bypass has been found in fwupd prior to
1.4.0, and in libjcat