*** This bug is a security vulnerability *** Public security bug reported:
[Impact] * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 with grub-efi-arm64-signed installed, without grub-efi-arm64. * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64. * This results in newly installed kernels not getting added to grub.cfg and thus upon reboot one does not boot into the new kernel. * In later series these scripts moved to grub2-common. Maybe we should move these to grub2-common in bionic and earlier too, for compatibility with onegrub. Or alternatively grub2-signed should ship these in grub- efi-{amd64,arm64}-signed packages too. [Test Plan] * Install new grubs * Install a new kernel that was not installed before * Observe that grub.cfg is regenerated and new kernel is present * Remove an old kernel * Observe that grub.cfg is regenerated and new kernel is removed from grub.cfg [Where problems could occur] * These are conffiles. Although nobody should modify them, care should be taken when moving conffiles around. [Other Info] * First reported by klebers ** Affects: grub2-signed (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: grub2-signed (Ubuntu Trusty) Importance: Undecided Status: Triaged ** Affects: grub2-signed (Ubuntu Xenial) Importance: Undecided Status: Triaged ** Affects: grub2-signed (Ubuntu Bionic) Importance: Undecided Status: Triaged ** Also affects: grub2-signed (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Bionic) Importance: Undecided Status: New ** Information type changed from Public to Public Security ** Changed in: grub2-signed (Ubuntu) Status: New => Fix Released ** Changed in: grub2-signed (Ubuntu Trusty) Status: New => Triaged ** Changed in: grub2-signed (Ubuntu Xenial) Status: New => Triaged ** Changed in: grub2-signed (Ubuntu Bionic) Status: New => Triaged ** Description changed: [Impact] - * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 + * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 with grub-efi-arm64-signed installed, without grub-efi-arm64. - * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 + * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 with grub-efi-amd64-signed installed without grub-pc or grub-efi-amd64. - * This results in newly installed kernels not getting added to grub.cfg + * This results in newly installed kernels not getting added to grub.cfg and thus upon reboot one does not boot into the new kernel. - * In later series these scripts moved to grub2-common. Maybe we should + * In later series these scripts moved to grub2-common. Maybe we should move these to grub2-common in bionic and earlier too, for compatibility - with onegrub. - + with onegrub. Or alternatively grub2-signed should ship these in grub- + efi-{amd64,arm64}-signed packages too. [Test Plan] - * Install new grubs + * Install new grubs - * Install a new kernel that was not installed before + * Install a new kernel that was not installed before - * Observe that grub.cfg is regenerated and new kernel is present + * Observe that grub.cfg is regenerated and new kernel is present - * Remove an old kernel + * Remove an old kernel - * Observe that grub.cfg is regenerated and new kernel is removed from + * Observe that grub.cfg is regenerated and new kernel is removed from grub.cfg [Where problems could occur] - * These are conffiles. Although nobody should modify them, care should + * These are conffiles. Although nobody should modify them, care should be taken when moving conffiles around. [Other Info] - - * First reported by klebers + + * First reported by klebers -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1928674 Title: due to a new recommends grub-efi-arm64-signed is installed which does not have postinst.d script Status in grub2-signed package in Ubuntu: Fix Released Status in grub2-signed source package in Trusty: Triaged Status in grub2-signed source package in Xenial: Triaged Status in grub2-signed source package in Bionic: Triaged Bug description: [Impact] * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 with grub-efi-arm64-signed installed, without grub-efi-arm64. * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 with grub-efi-amd64-signed installed without grub-pc or grub-efi- amd64. * This results in newly installed kernels not getting added to grub.cfg and thus upon reboot one does not boot into the new kernel. * In later series these scripts moved to grub2-common. Maybe we should move these to grub2-common in bionic and earlier too, for compatibility with onegrub. Or alternatively grub2-signed should ship these in grub-efi-{amd64,arm64}-signed packages too. [Test Plan] * Install new grubs * Install a new kernel that was not installed before * Observe that grub.cfg is regenerated and new kernel is present * Remove an old kernel * Observe that grub.cfg is regenerated and new kernel is removed from grub.cfg [Where problems could occur] * These are conffiles. Although nobody should modify them, care should be taken when moving conffiles around. [Other Info] * First reported by klebers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1928674/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp