Endless OS 3.8.6 was released for existing users today, Aug 31st, 2020.
Downloadable images for new users will be available in the next few days.
Secure Boot vulnerability fixes
Developers in the Linux community have recently become aware of a severe problem in the GRUB2 bootloader that allows a bad actor to completely circumvent UEFI Secure Boot. This vulnerability was discovered by researchers at Eclypsium and given the name BootHole. While a group of engineers worked to fix this bug, they also performed an in-depth audit of GRUB2’s source code, fixing a few other vulnerabilities in the process. A full list can be found in Debian’s Security Advisory 4735 (Debian’s package is the base for our GRUB2 package).
All vulnerabilities mentioned above are now fixed in Endless OS 3.8.6. We are also using a new Secure Boot signing certificate to sign these new packages, and have revoked the old certificates to prevent a downgrade to the vulnerable binaries.
Other Improvements and Changes
- We’ve updated to Chromium 84.0.4147.125, bringing new improvements and security fixes to Endless’ built-in web browser.
- The App Center was updated to fix a crash on Endless Mini when switching categories.
- An edge case has been fixed where reformatting would fail when it was started during initial setup, cancelled part-way through, and then tried again from the desktop session.
- The Endless icon theme no longer causes the obsolete freedesktop.org SDK version 1.6 to be preinstalled.