nullboot 0.5.0: shim 15.7-0ubuntu1 update
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nullboot (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
New
|
Undecided
|
Unassigned | ||
Jammy |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Security update for shim
[Test plan]
* Deploy Azure CVM and TPM FDE
* Upgrade to this new package and reboot
* Boot should be successful
* Double check bios_measuremen
* CPC - build new image with nullboot preinstalled, and attempt to register and boot such an images as first time.
[Where problems could occur]
Resealing could fail
Shim could fail to boot
Limited to Azure confidential VMs in scope
Upgrade to and usage of interim lunar & mantic ubuntu releases is not supported on the Azure CVMs and does not work, hence this bug targets SRUs for LTS releases only.
CVE References
description: | updated |
description: | updated |
Changed in nullboot (Ubuntu Jammy): | |
status: | Incomplete → New |
This bug was fixed in the package nullboot - 0.5.0-0ubuntu1
---------------
nullboot (0.5.0-0ubuntu1) noble; urgency=medium
[ Julian Andres Klode ]
* Target Go 1.18 to allow newer dependencies with bug fixes
* GitHub actions:
- ci: Use pip to install pre-commit
- Update coveralls for parallel builds
* Rebuild against new shim 15.7-0ubuntu1 (LP: #2045552)
- CVE-2022-28737
[ Dimitri John Ledkov ]
* Upgrade to snapd 2.61 and some of the other deps (#68) (LP: #2045552)
[ dependabot[bot] ]
* Various automated dependency bumps, no further changes required
-- Julian Andres Klode <email address hidden> Mon, 04 Dec 2023 12:30:07 +0100