Subiquity 20.05.2 has been released to stable (CVE-2020-11932)

I’ve just released subiquity 20.05.2 to the stable channel, meaning that all users of the live server installer will be offered the upgrade during installation. You can see the changes in this update on github at:

This release fixes a bug where the luks passphrase for any encrypted volumes was leaked into the logs, which were then copied to the installed system. (LP: #1878115 CVE-2020-11932)

The updated subiquity to address this issue has been published in the snapstore, when online a snap refresh will be offered during live installer. Opting in to update the installer will address this issue and will prevent leaking this information in the logs.

1 Like