*** This bug is a security vulnerability ***

Public security bug reported:

A user is sometimes presented with a highly undesirable and insecure
default option in a popup window, after a kernel update. He is namely
being asked what he wants to do with the old menu.lst, and the proposed
answer is.... to keep the old menu.lst!

When the user agrees with the proposed answer, the new kernel lines
aren't added to menu.lst. And so the user will continue to boot from the
old, outdated kernel.

This happens only when something was previously changed inside the Automagic 
part of the Grub menu.lst, for example by startupmanager. For more information 
see this bug report:
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/238339

As startupmanager is a tool that's often used by beginners with Linux,
this creates grave security risks for those unsuspecting beginners.
Please fix startupmanager, so that it can only change those options in
menu.lst that won't trigger the popup window mentioned above, after a
kernel update.

I quote a member of the Grub team (last sentence in his post):
"In any event, if users are seeing this prompt as a result of using 
startupmanager, then a high-priority task needs to be opened on startupmanager 
to get *that* tool fixed."
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/238339/comments/6

I hope you can fix this quickly. It's real bad.

Thanks in advance, Pjotr.

** Affects: startupmanager (Ubuntu)
     Importance: Undecided
         Status: New

** This bug has been flagged as a security issue
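
A check for the condition this report describes, as an added example that is not part of the original report or of startupmanager: it lists installed kernel images that no entry in the automagic section of menu.lst boots. The marker strings are assumed to be the ones Debian/Ubuntu's update-grub writes; the sample menu.lst and kernel versions are constructed.

```python
import os
import re

# Section markers as written by Debian/Ubuntu update-grub (assumption).
BEGIN = "### BEGIN AUTOMAGIC KERNELS LIST"
END = "### END DEBIAN AUTOMAGIC KERNELS LIST"
KERNEL_RE = re.compile(r"^\s*kernel\s+(\S+)")


def menu_kernels(menu_text):
    """Return kernel image basenames booted by entries in the automagic section."""
    found, inside = set(), False
    for line in menu_text.splitlines():
        if line.startswith(BEGIN):
            inside = True
        elif line.startswith(END):
            inside = False
        elif inside:
            m = KERNEL_RE.match(line)  # commented lines start with '#': no match
            if m:
                # basename: the path is /vmlinuz-* when /boot is its own partition
                found.add(os.path.basename(m.group(1)))
    return found


def missing_kernels(menu_text, installed_images):
    """Installed kernel images that no automagic menu entry boots."""
    return sorted(set(installed_images) - menu_kernels(menu_text))


# Constructed sample: an old menu.lst kept after a newer kernel was installed.
SAMPLE_MENU = """\
### BEGIN AUTOMAGIC KERNELS LIST
## lines between the AUTOMAGIC KERNELS LIST markers will be modified
# kopt=root=/dev/sda1 ro

title\t\tUbuntu 8.04, kernel 2.6.24-16-generic
root\t\t(hd0,0)
kernel\t\t/boot/vmlinuz-2.6.24-16-generic root=/dev/sda1 ro quiet splash
initrd\t\t/boot/initrd.img-2.6.24-16-generic

### END DEBIAN AUTOMAGIC KERNELS LIST
"""
SAMPLE_INSTALLED = ["vmlinuz-2.6.24-16-generic", "vmlinuz-2.6.24-19-generic"]

if __name__ == "__main__":
    for image in missing_kernels(SAMPLE_MENU, SAMPLE_INSTALLED):
        print("installed but not in menu.lst:", image)
```

On a real system the inputs would be the contents of /boot/grub/menu.lst and the vmlinuz-* file names found in /boot.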

-- 
startupmanager triggers a highly insecure default option after a kernel update
https://bugs.launchpad.net/bugs/238392