This bug was fixed in the package linux-signed-hwe - 5.3.0-26.28~18.04.1

---------------
linux-signed-hwe (5.3.0-26.28~18.04.1) bionic; urgency=medium

  * Master version: 5.3.0-26.28~18.04.1

linux-signed-hwe (5.3.0-25.27~18.04.2) bionic; urgency=medium

  * Master version: 5.3.0-25.27~18.04.2

  * Bump upload number.

linux-signed-hwe (5.3.0-25.27~18.04.1) bionic; urgency=medium

  * Master version: 5.3.0-25.27~18.04.1

  * vmlinuz is world-readable (LP: #1843327)
    - fix vmlinuz-* permissions for opal signed kernels

  * Miscellaneous Ubuntu changes
    - [Packaging] Rolling hwe-edge into hwe

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Wed, 18 Dec 2019 16:20:33 +0100

** Changed in: linux-signed-hwe (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1843327

Title:
  vmlinuz is world-readable

Status in linux-signed package in Ubuntu:
  Fix Released
Status in linux-signed-hwe package in Ubuntu:
  Fix Released
Status in linux-signed source package in Xenial:
  Invalid
Status in linux-signed-hwe source package in Xenial:
  Fix Released
Status in linux-signed source package in Bionic:
  Fix Released
Status in linux-signed-hwe source package in Bionic:
  Fix Released
Status in linux-signed source package in Disco:
  Fix Released
Status in linux-signed-hwe source package in Disco:
  Invalid

Bug description:
  [Impact]
  ppc64el vmlinuz is world-readable, possibly impacting security on that platform.

  [Test case]
  Verify vmlinuz is not world-readable after the fix.

  [Regression potential]
  File permissions may be wrong, possibly allowing attack.

  --------------------------------------------------------------------------

  ======================================================================
  FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
  kernel addresses in /boot are not world readable
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 1438, in test_096_boot_symbols_unreadable
      self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world readable' % (name))
  AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable

  ----------------------------------------------------------------------
  Ran 125 tests in 31.183s

  FAILED (failures=1)

  This currently affects ppc64el.
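
A stand-alone version of the check described in the test case above, as an added example (not part of the bug report and not the code of test-kernel-security.py): it lists kernel images and symbol files in a boot directory that have the world-read bit set. The file-name patterns, the function names and the sample files are assumptions constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# Assumed name patterns for files that can expose kernel addresses.
PATTERNS = ("vmlinuz-*", "vmlinux-*", "System.map-*")


def world_readable_boot_files(boot_dir="/boot", patterns=PATTERNS):
    """Return sorted paths of matching regular files readable by 'other'."""
    findings = []
    for entry in os.scandir(boot_dir):
        if not any(fnmatch.fnmatch(entry.name, p) for p in patterns):
            continue
        # lstat semantics: a symlink reports mode 0777 and would be a false
        # positive, so only regular files count; a symlink's target is
        # checked under its own name.
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_mode & stat.S_IROTH:
            findings.append(entry.path)
    return sorted(findings)


def demo_scan():
    """Scan a constructed boot directory (sample files, not real kernels)."""
    samples = (
        ("vmlinux-0.0.0-test", 0o644),     # the reported state: world-readable
        ("vmlinuz-0.0.0-test", 0o600),     # the expected state after the fix
        ("System.map-0.0.0-test", 0o600),
        ("config-0.0.0-test", 0o644),      # not matched by PATTERNS
    )
    with tempfile.TemporaryDirectory() as boot:
        for name, mode in samples:
            path = os.path.join(boot, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)           # chmod is not affected by umask
        # Symlink whose name matches a pattern; it must not be reported.
        os.symlink("vmlinuz-0.0.0-test", os.path.join(boot, "vmlinuz-link"))
        return [os.path.basename(p) for p in world_readable_boot_files(boot)]


if __name__ == "__main__":
    print(demo_scan())
```
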