** Package changed: linux (Ubuntu) => s390-tools (Ubuntu)
** Changed in: s390-tools (Ubuntu)
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) =>
Skipper Bug Screeners (skipper-screen-team)
** Also affects: ubuntu-z-systems
Importance: Undecided
Status: New
** Changed in: ubuntu-z-systems
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Changed in: ubuntu-z-systems
Importance: Undecided => High
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1968259
Title:
[UBUNTU 22.04] check_hostkeydoc is checking the certificate issuer too
strictly (s390-tools)
Status in Ubuntu on IBM z Systems:
New
Status in s390-tools package in Ubuntu:
New
Bug description:
== Comment: #0 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07
09:16:49 ==
The s390-tools script check_hostkeydoc can be used to perform the
verification of the chain of trust for Secure Execution host key documents.
The certificate verification is however too strict and doesn't match the
checking performed by genprotimg.
Affected is the OU field in the issuer DN of the host key document. As a
consequence, verification failures will occur for host key documents issued for
newer hardware generations like IBM z16.
== Comment: #1 - Viktor Mihajlovski <mihaj...@de.ibm.com> - 2022-04-07
09:18:08 ==
Fixed by:
https://github.com/ibm-s390-linux/s390-tools
commit 673ff375d939d3cde674f8f99a62d456f8b1673d
Author: Viktor Mihajlovski <mihaj...@linux.ibm.com>
Date: Tue Mar 15 12:55:02 2022 +0100
genprotimg/check_hostkeydoc: relax default issuer check
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1968259/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
