[Kernel-packages] [Bug 1843327] Re: vmlinuz is world-readable

Launchpad Bug Tracker Thu, 16 Jan 2020 13:07:14 -0800

This bug was fixed in the package linux-signed-hwe - 5.3.0-26.28~18.04.1

---------------
linux-signed-hwe (5.3.0-26.28~18.04.1) bionic; urgency=medium


  * Master version: 5.3.0-26.28~18.04.1

linux-signed-hwe (5.3.0-25.27~18.04.2) bionic; urgency=medium

  * Master version: 5.3.0-25.27~18.04.2
  * Bump upload number.

linux-signed-hwe (5.3.0-25.27~18.04.1) bionic; urgency=medium

  * Master version: 5.3.0-25.27~18.04.1

  * vmlinuz is world-readable (LP: #1843327)
    - fix vmlinuz-* permissions for opal signed kernels

  * Miscellaneous Ubuntu changes
    - [Packaging] Rolling hwe-edge into hwe

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Wed, 18 Dec
2019 16:20:33 +0100

** Changed in: linux-signed-hwe (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1843327

Title:
  vmlinuz is world-readable

Status in linux-signed package in Ubuntu:
  Fix Released
Status in linux-signed-hwe package in Ubuntu:
  Fix Released
Status in linux-signed source package in Xenial:
  Invalid
Status in linux-signed-hwe source package in Xenial:
  Fix Released
Status in linux-signed source package in Bionic:
  Fix Released
Status in linux-signed-hwe source package in Bionic:
  Fix Released
Status in linux-signed source package in Disco:
  Fix Released
Status in linux-signed-hwe source package in Disco:
  Invalid

Bug description:
  [Impact]
  ppc64el vmlinuz is world-readable, possibly impacting security on that 
platform.

  [Test case]
  Verify vmlinuz is not world-readable after the fix.

  [Regression potential]
  File permissions may be wrong, possibly allowing attack.

  
  --------------------------------------------------------------------------

    ======================================================================
    FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
    kernel addresses in /boot are not world readable
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 1438, in 
test_096_boot_symbols_unreadable
        self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world 
readable' % (name))
    AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable
    
    ----------------------------------------------------------------------
    Ran 125 tests in 31.183s
    
    FAILED (failures=1)

  This currently affects ppc64el.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1843327/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1843327] Re: vmlinuz is world-readable

Reply via email to