*** This bug is a security vulnerability ***
Public security bug reported:
[Impact]
* /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
with grub-efi-arm64-signed installed, without grub-efi-arm64.
* /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64.
* This results in newly installed kernels not getting added to grub.cfg
and thus upon reboot one does not boot into the new kernel.
* In later series these scripts moved to grub2-common. Maybe we should
move these to grub2-common in bionic and earlier too, for compatibility
with onegrub. Or alternatively grub2-signed should ship these in grub-
efi-{amd64,arm64}-signed packages too.
[Test Plan]
* Install new grubs
* Install a new kernel that was not installed before
* Observe that grub.cfg is regenerated and new kernel is present
* Remove an old kernel
* Observe that grub.cfg is regenerated and new kernel is removed from
grub.cfg
[Where problems could occur]
* These are conffiles. Although nobody should modify them, care should
be taken when moving conffiles around.
[Other Info]
* First reported by klebers
** Affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: grub2-signed (Ubuntu Trusty)
Importance: Undecided
Status: Triaged
** Affects: grub2-signed (Ubuntu Xenial)
Importance: Undecided
Status: Triaged
** Affects: grub2-signed (Ubuntu Bionic)
Importance: Undecided
Status: Triaged
** Also affects: grub2-signed (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: grub2-signed (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: grub2-signed (Ubuntu Bionic)
Importance: Undecided
Status: New
** Information type changed from Public to Public Security
** Changed in: grub2-signed (Ubuntu)
Status: New => Fix Released
** Changed in: grub2-signed (Ubuntu Trusty)
Status: New => Triaged
** Changed in: grub2-signed (Ubuntu Xenial)
Status: New => Triaged
** Changed in: grub2-signed (Ubuntu Bionic)
Status: New => Triaged
** Description changed:
[Impact]
- * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
+ * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
with grub-efi-arm64-signed installed, without grub-efi-arm64.
- * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
+ * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64.
- * This results in newly installed kernels not getting added to grub.cfg
+ * This results in newly installed kernels not getting added to grub.cfg
and thus upon reboot one does not boot into the new kernel.
- * In later series these scripts moved to grub2-common. Maybe we should
+ * In later series these scripts moved to grub2-common. Maybe we should
move these to grub2-common in bionic and earlier too, for compatibility
- with onegrub.
-
+ with onegrub. Or alternatively grub2-signed should ship these in grub-
+ efi-{amd64,arm64}-signed packages too.
[Test Plan]
- * Install new grubs
+ * Install new grubs
- * Install a new kernel that was not installed before
+ * Install a new kernel that was not installed before
- * Observe that grub.cfg is regenerated and new kernel is present
+ * Observe that grub.cfg is regenerated and new kernel is present
- * Remove an old kernel
+ * Remove an old kernel
- * Observe that grub.cfg is regenerated and new kernel is removed from
+ * Observe that grub.cfg is regenerated and new kernel is removed from
grub.cfg
[Where problems could occur]
- * These are conffiles. Although nobody should modify them, care should
+ * These are conffiles. Although nobody should modify them, care should
be taken when moving conffiles around.
[Other Info]
-
- * First reported by klebers
+
+ * First reported by klebers
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928674
Title:
due to a new recommends grub-efi-arm64-signed is installed which does
not have postinst.d script
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1928674/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
