Released in grub2-signed (1.66.26).
** Changed in: grub2-signed (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.26
---
grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: Heap buffer overflow when encountering commands that
cannot be tokenized to less than 8192 characters.
-
This bug was fixed in the package grub2 - 2.02~beta2-9ubuntu1.17
---
grub2 (2.02~beta2-9ubuntu1.17) trusty; urgency=medium
* debian/grub-check-signatures: check kernel signatures against keys known
in firmware, in case a kernel is signed but not using a key that will pass
This bug was fixed in the package grub2-signed - 1.93.13
---
grub2-signed (1.93.13) bionic; urgency=medium
* Rebuild against grub2 2.02-2ubuntu8.12.
grub2-signed (1.93.12) bionic; urgency=medium
* Rebuild against grub2 2.02-2ubuntu8.11.
(LP: #1401532) (LP: #1814403) (LP:
This bug was fixed in the package grub2 - 2.02-2ubuntu8.12
---
grub2 (2.02-2ubuntu8.12) bionic; urgency=medium
* debian/grub-check-signatures: make sure grub-check-signatures conserves
its execute bit.
grub2 (2.02-2ubuntu8.11) bionic; urgency=medium
[ Mathieu
This probably should not have been closed as Fix Released quite yet. A
gsbx64.efi binary was being built, which allowed enforcement.
Now, the proper fix to never allow unsigned / invalidly signed kernels
has landed in Cosmic; so proceeding with the SRUs.
** No longer affects: grub2 (Ubuntu
This bug was fixed in the package grub2 - 2.02-2ubuntu1
---
grub2 (2.02-2ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config. (LP: #1640878)
- Disable
This bug was fixed in the package grub2 - 2.02~beta3-4ubuntu2
---
grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium
* debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same
I'm updating the description for this bug and opening a grub2-signed
task (and the relevant release tasks). We're at the point where the
grub2 fallback code needs to be addressed.
** Description changed:
+ [Rationale]
+ GRUB should help us enforce that in UEFI mode, only signed kernels are
9 matches
Mail list logo