Why is my Ubuntu VM not installing updates

Diego Marin

1/16/23, 2:05 PM

There are are old CVEs which Ubuntu has a fix for.

For example : https://ubuntu.com/security/cve-2019-18276

I currently have Bash version 4.4.20.

If I run apt list --upgradable, I don't see Bash in the list of upgradable packages.

Why Bash doesn't show up on the list ? Is it part of other packages ?
I have multiple Repos on my sources.list. Does Ubuntu check all of them ?

Thank You

0 + 0

package-management

apt

official-repositories

Terrance

1/16/23, 2:09 PM

Did you read at the bottom of that page? "This issue appears to only affect bash when bash is setuid. Ubuntu does not ship with bash setuid, so this has minimal impact for Ubuntu users. This is why we have rated the priority for this issue 'low'. reproducer steps in the suse bugzilla"

user535733

1/16/23, 3:49 PM

At the top of that page, too: "`Status: Needed`." You are looking for patched version of a package *that has not been patched*. Also, Bash 4.4.20 is not in the Ubuntu repositories, which suggests that you are not running a supported release of Ubuntu anyway.

Diego Marin

1/16/23, 4:32 PM

I am running Ubuntu 18.04 LTS (Bionic Beaver) which the CVE lists as needing the patch and my understanding is that it is a supported release, so I am not following.

Terrance

1/16/23, 4:41 PM

It says `Status: Needed` which means that it is not patched. But since Canonical does not ship Ubuntu with bash setuid the urgency for them to patch it is very low. When you see this, chances are they may never patch it.

Diego Marin

1/16/23, 8:19 PM

Ah, thanks for pointing that out. So from a security perspective, I would love to get some recommendations to deal with this vulnerabilities that are being reported by our Defender for Linux agent. CVE-2021-3770, CVE-2017-11164 to name a few. Should I ignore these if the patch is not available on the Ubuntu Repo or use another repo to fix these ?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why is my Ubuntu VM not installing updates

TH: เหตุใด Ubuntu VM ของฉันจึงไม่ติดตั้งการอัปเดต

RO: De ce VM-ul meu Ubuntu nu instalează actualizări

RU: Почему моя виртуальная машина Ubuntu не устанавливает обновления

VI: Tại sao Ubuntu VM của tôi không cài đặt các bản cập nhật

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.