========================================================================= Ubuntu Security Notice USN-4395-1 June 15, 2020 fwupd vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: fwupd could be made to install an unsigned firmware. Software Description: - fwupd: Firmware update daemon Details: Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: fwupd 1.3.9-4ubuntu0.1 libfwupd2 1.3.9-4ubuntu0.1 Ubuntu 19.10: fwupd 1.2.10-1ubuntu4.1 libfwupd2 1.2.10-1ubuntu4.1 Ubuntu 18.04 LTS: fwupd 1.2.10-1ubuntu2~ubuntu18.04.5 libfwupd2 1.2.10-1ubuntu2~ubuntu18.04.5 Ubuntu 16.04 LTS: fwupd 0.8.3-0ubuntu5.1 libfwupd1 0.8.3-0ubuntu5.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4395-1 CVE-2020-10759 Package Information: https://launchpad.net/ubuntu/+source/fwupd/1.3.9-4ubuntu0.1 https://launchpad.net/ubuntu/+source/fwupd/1.2.10-1ubuntu4.1 https://launchpad.net/ubuntu/+source/fwupd/1.2.10-1ubuntu2~ubuntu18.04.5 https://launchpad.net/ubuntu/+source/fwupd/0.8.3-0ubuntu5.1