Updating Applications with Vulnerabilities

Diego Marin

1/15/23, 11:24 PM

I am using the default Ubuntu Distros in an Azure Bionic VM. I would like to update software with vulnerabilities such as VIM, but it seems the only version available in these Distros is version 8.0. Shouldn't the security distro have an update available for VIM and any other software with vulnerabilities ? Need some 101 Guidance here please.

sources.list

0 + 0

security

distro-recommendation

user535733

1/16/23, 12:09 AM

The answer to the specific question asked (*Shouldn't the security distro have an update available?*) is 'No' *because of the way you phrased the question*. There are two ways to address a vulnerability: 1) Apply a patch to the current version, or 2) Update to a newer version (that includes the patch). The question assumes the #2 is preferable. The Ubuntu Security Team actually does #1 for most CVEs (there are exceptions).

Thomas Ward

1/16/23, 12:45 AM

Refer to the following posts for some more useful information on this topic: [Why don't the Ubuntu repositories have the latest versions of software?](https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software) and [my answer to another question summarizing generally 'when a security patch happens'](https://askubuntu.com/questions/1362875/ubuntu-release-update-packages/1362877#1362877).

Thomas Ward

1/16/23, 12:45 AM

Part of the 'update' process is to backport packages, and if there's a Vim update they'll issue a [USN here](https://www.bing.com/newtabredir?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2Fnotices)

Terrance

1/16/23, 3:38 AM

If you ever want to see what version and what changes they have made to a package just run `apt changelog <app name>` like `apt changelog vim` will actually show that it is version `8.1.2269-1ubuntu5` for Ubuntu 20.04 repos.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Updating Applications with Vulnerabilities

TH: การอัปเดตแอปพลิเคชันที่มีช่องโหว่

RO: Actualizarea aplicațiilor cu vulnerabilități

RU: Обновление приложений с уязвимостями

VI: Cập nhật ứng dụng có lỗ hổng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.