[Bug 1996950] Re: CVE-2022-2601, CVE-2022-3775: font security fixes
Julian Andres Klode
1996950 at bugs.launchpad.net
Fri Jan 27 13:28:01 UTC 2023
Both focal and bionic also succesfully rebooted, horray. I forgot to
mention I checked mokutil --sb-state on all lxd instances (and the
multipass instances checked booting without secure boot, fwiw).
focal:
Setting up grub-efi-amd64-bin (2.06-2ubuntu14) ...
Setting up grub-efi-amd64-signed (1.187.2~20.04.2+2.06-2ubuntu14) ...
Trying to migrate /boot/efi into esp config
Installing grub to /boot/efi.
Installing for x86_64-efi platform.
Installation finished. No error reported.
root at focal:~# mokutil --sb-state
SecureBoot enabled
bionic:
Setting up grub-efi-amd64-bin (2.06-2ubuntu14) ...
Setting up grub-efi-amd64 (2.06-2ubuntu14) ...
Installing for x86_64-efi platform.
Installation finished. No error reported.
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/50-lxd.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-202-generic
Found initrd image: /boot/initrd.img-4.15.0-202-generic
Adding boot menu entry for EFI firmware configuration
done
Setting up grub-efi-amd64-signed (1.187.2~18.04.1+2.06-2ubuntu14) ...
Installing for x86_64-efi platform.
Installation finished. No error reported.
** Tags removed: verification-needed-bionic verification-needed-focal
** Tags added: verification-done-bionic verification-done-focal
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1996950
Title:
CVE-2022-2601, CVE-2022-3775: font security fixes
Status in grub2-signed package in Ubuntu:
Fix Released
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2-signed source package in Bionic:
New
Status in grub2-unsigned source package in Bionic:
Fix Committed
Status in grub2-signed source package in Focal:
Fix Released
Status in grub2-unsigned source package in Focal:
Fix Committed
Status in grub2-signed source package in Jammy:
New
Status in grub2-unsigned source package in Jammy:
Fix Committed
Status in grub2-signed source package in Kinetic:
New
Status in grub2-unsigned source package in Kinetic:
Fix Committed
Status in grub2-signed source package in Lunar:
Fix Released
Status in grub2-unsigned source package in Lunar:
Fix Released
Bug description:
[Impact]
security update staged in updates
[Test plan]
Boot it on multiple systems. Notably juliank will be doing semi-automated testing in QEMU that does chainbooting over network (shim->grub->shim->grub); and boots on T14 G3 AMD and an XPS 13; chrisccoulson did his own security testing before that.
[Where problems could occur]
Font loading is disabled, could cause rendering issues
Unicode font stuffed in xz squashfs, could cause more memory issues
during boot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1996950/+subscriptions
More information about the foundations-bugs
mailing list