[Bug 1996503] Re: shim 15.7-0ubuntu1

Julian Andres Klode 1996503 at bugs.launchpad.net
Thu Nov 17 11:11:10 UTC 2022 

** Description changed:

  [Impact]
  New upstream release; shim security update CVE-2022-28737
  
  [Test plan]
  https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
  
  [Where problems could occur]
  Machines could become unbootable due to bugs as usual.
  
  Key rotations that require newer kernels can't enforce newer kernels
  being on the system prior to updates resulting in unbootable systems if
  kernels are not available.
+ 
+ Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
+ published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).

** Description changed:

  [Impact]
  New upstream release; shim security update CVE-2022-28737
  
  [Test plan]
  https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
  
  [Where problems could occur]
  Machines could become unbootable due to bugs as usual.
  
  Key rotations that require newer kernels can't enforce newer kernels
  being on the system prior to updates resulting in unbootable systems if
  kernels are not available.
  
  Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
  published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).
+ 
+ Also breaks fwupd.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1996503

Title:
  shim 15.7-0ubuntu1

Status in shim package in Ubuntu:
  New

Bug description:
  [Impact]
  New upstream release; shim security update CVE-2022-28737

  [Test plan]
  https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan

  [Where problems could occur]
  Machines could become unbootable due to bugs as usual.

  Key rotations that require newer kernels can't enforce newer kernels
  being on the system prior to updates resulting in unbootable systems
  if kernels are not available.

  Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
  published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).

  Also breaks fwupd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1996503/+subscriptions

More information about the foundations-bugs mailing list