![]() The newly spun images carries patched, safe, and approved versions of the various affected components, including GRUB2. A local attacker with administrative privileges (or with physical access to the system) could use this issue to circumvent GRUB2 module signature checking, resulting in the ability to load arbitrary GRUB2 modules that have not been signed by a trusted authority and hence bypass UEFI Secure Boot.”Īs part of the remediation the 2012 Ubuntu signing key and two GRUB2 binaries were added to the UEFI DBX revocation list in August 2020. “It was discovered that multiple vulnerabilities existed in GNU GRUB, that could potentially lead to the ability to bypass UEFI Secure Boot restrictions. The BootHole vulnerability is explained in more detail on the Ubuntu blog as well on the Ubuntu Security Team Wiki, excerpt below: “Unlike previous point releases, 18.04.6 is a refresh of the amd64 and arm64 installer media after the key revocation related to the BootHole vulnerability, re-enabling their usage on Secure Boot enabled systems,” writes Canonical’s Łukasz Zemczak explains in a release announcement. This (unplanned) point release arrives with one key - pun intended - purpose: to make Ubuntu 18.04 LTS bootable again on Secure Boot-enabled systems. No, you’re not misreading the title, Ubuntu 18.04.6 LTS is available to download. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |