[Bug 1996503] Re: shim 15.7-0ubuntu1
Julian Andres Klode
1996503 at bugs.launchpad.net
Thu Nov 17 11:11:10 UTC 2022
** Description changed:
[Impact]
New upstream release; shim security update CVE-2022-28737
[Test plan]
https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
Machines could become unbootable due to bugs as usual.
Key rotations that require newer kernels can't enforce newer kernels
being on the system prior to updates resulting in unbootable systems if
kernels are not available.
+
+ Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
+ published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).
** Description changed:
[Impact]
New upstream release; shim security update CVE-2022-28737
[Test plan]
https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
Machines could become unbootable due to bugs as usual.
Key rotations that require newer kernels can't enforce newer kernels
being on the system prior to updates resulting in unbootable systems if
kernels are not available.
Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).
+
+ Also breaks fwupd.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1996503
Title:
shim 15.7-0ubuntu1
Status in shim package in Ubuntu:
New
Bug description:
[Impact]
New upstream release; shim security update CVE-2022-28737
[Test plan]
https://wiki.ubuntu.com/UEFI/SecureBoot/ShimUpdateProcess/TestPlan
[Where problems could occur]
Machines could become unbootable due to bugs as usual.
Key rotations that require newer kernels can't enforce newer kernels
being on the system prior to updates resulting in unbootable systems
if kernels are not available.
Requires the grub2-unsigned >= 2.04-1ubuntu47.4, >= 2.06-2ubuntu10 to be
published to security and on each machine first too. Maybe should add Breaks to those (though you can set 'latest' policy and it would require upcoming grub uploads, so not _entirely_ useful).
Also breaks fwupd.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1996503/+subscriptions
More information about the foundations-bugs
mailing list