Debian 10260 Published by

A fwupd security update has been released for Debian GNU/Linux 9 LTS to address a possible signature verification issue in firmware update daemon library "fwupd".



DLA 2274-1: fwupd security update

Package : fwupd
Version : 0.7.4-2+deb9u1
CVE ID : CVE-2020-10759
Debian Bug : #962517

It was discovered that there was a possible signature verification
issue in firmware update daemon library "fwupd" as the return value
of gpgme_op_verify_result was not being checked.

For Debian 9 "Stretch", this issue has been fixed in fwupd version
0.7.4-2+deb9u1.

We recommend that you upgrade your fwupd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS