group.of.nepali.translators team mailing list archive

[Dimitri John Ledkov <1928674@xxxxxxxxxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

[Impact]

 * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
with grub-efi-arm64-signed installed, without grub-efi-arm64.

 * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64.

 * This results in newly installed kernels not getting added to grub.cfg
and thus upon reboot one does not boot into the new kernel.

 * In later series these scripts moved to grub2-common. Maybe we should
move these to grub2-common in bionic and earlier too, for compatibility
with onegrub. Or alternatively grub2-signed should ship these in grub-
efi-{amd64,arm64}-signed packages too.

[Test Plan]

 * Install new grubs

 * Install a new kernel that was not installed before

 * Observe that grub.cfg is regenerated and new kernel is present

 * Remove an old kernel

 * Observe that grub.cfg is regenerated and new kernel is removed from
grub.cfg

[Where problems could occur]

 * These are conffiles. Although nobody should modify them, care should
be taken when moving conffiles around.

[Other Info]

 * First reported by klebers

** Affects: grub2-signed (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: grub2-signed (Ubuntu Trusty)
     Importance: Undecided
         Status: Triaged

** Affects: grub2-signed (Ubuntu Xenial)
     Importance: Undecided
         Status: Triaged

** Affects: grub2-signed (Ubuntu Bionic)
     Importance: Undecided
         Status: Triaged

** Also affects: grub2-signed (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: grub2-signed (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: grub2-signed (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Information type changed from Public to Public Security

** Changed in: grub2-signed (Ubuntu)
       Status: New => Fix Released

** Changed in: grub2-signed (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: grub2-signed (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: grub2-signed (Ubuntu Bionic)
       Status: New => Triaged

** Description changed:

  [Impact]
  
-  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
+  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
  with grub-efi-arm64-signed installed, without grub-efi-arm64.
  
-  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
+  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
  with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64.
  
-  * This results in newly installed kernels not getting added to grub.cfg
+  * This results in newly installed kernels not getting added to grub.cfg
  and thus upon reboot one does not boot into the new kernel.
  
-  * In later series these scripts moved to grub2-common. Maybe we should
+  * In later series these scripts moved to grub2-common. Maybe we should
  move these to grub2-common in bionic and earlier too, for compatibility
- with onegrub.
- 
+ with onegrub. Or alternatively grub2-signed should ship these in grub-
+ efi-{amd64,arm64}-signed packages too.
  
  [Test Plan]
  
-  * Install new grubs
+  * Install new grubs
  
-  * Install a new kernel that was not installed before
+  * Install a new kernel that was not installed before
  
-  * Observe that grub.cfg is regenerated and new kernel is present
+  * Observe that grub.cfg is regenerated and new kernel is present
  
-  * Remove an old kernel
+  * Remove an old kernel
  
-  * Observe that grub.cfg is regenerated and new kernel is removed from
+  * Observe that grub.cfg is regenerated and new kernel is removed from
  grub.cfg
  
  [Where problems could occur]
  
-  * These are conffiles. Although nobody should modify them, care should
+  * These are conffiles. Although nobody should modify them, care should
  be taken when moving conffiles around.
  
  [Other Info]
-  
-  * First reported by klebers
+ 
+  * First reported by klebers

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1928674

Title:
  due to a new recommends grub-efi-arm64-signed is installed which does
  not have postinst.d script

Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2-signed source package in Trusty:
  Triaged
Status in grub2-signed source package in Xenial:
  Triaged
Status in grub2-signed source package in Bionic:
  Triaged

Bug description:
  [Impact]

   * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64
  with grub-efi-arm64-signed installed, without grub-efi-arm64.

   * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64
  with grub-efi-amd64-signed installed without grub-pc or grub-efi-
  amd64.

   * This results in newly installed kernels not getting added to
  grub.cfg and thus upon reboot one does not boot into the new kernel.

   * In later series these scripts moved to grub2-common. Maybe we
  should move these to grub2-common in bionic and earlier too, for
  compatibility with onegrub. Or alternatively grub2-signed should ship
  these in grub-efi-{amd64,arm64}-signed packages too.

  [Test Plan]

   * Install new grubs

   * Install a new kernel that was not installed before

   * Observe that grub.cfg is regenerated and new kernel is present

   * Remove an old kernel

   * Observe that grub.cfg is regenerated and new kernel is removed from
  grub.cfg

  [Where problems could occur]

   * These are conffiles. Although nobody should modify them, care
  should be taken when moving conffiles around.

  [Other Info]

   * First reported by klebers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1928674/+subscriptions