0

We have internal and external SLA's that we adhere to with regards to fixing vulnerabilities of a critical nature.

Currently, we are running 18.04 LTS. The MOTD says:

102 packages can be updated. 0 updates are security updates.

But our CVSS/Vulnerability Monitor is reporting that:

Upgrade linux-headers-5.4.0-1029-aws Upgrade linux-aws-5.4-headers-5.4.0-1029 Upgrade linux-image-5.4.0-1029-aws Upgrade linux-modules-5.4.0-1029-aws

Are all subject to:

CVE-2021-1052, CVE-2020-28374, CVE-2020-14351, CVE-2020-16120, CVE-2020-4788

Which are all rated as "HIGH"

Vulnerabilities listed

Should we not expect package upgrades for this? Is the CVSS database treating this different than Ubuntu?

Thanks for the help to keep everything locked up tight.

Joshua Ziering
  • 1
  • These security updates were released already. Check to see if you have them installed already but forgot to reboot. And check you didn't disable the security or updates repos. – Michael Hampton Feb 02 '21 at 17:34
  • Indeed, you should be at 1037 at this point. What version are you actually running? Is it a matter of not getting old versions cleaned up or are you far behind on the kernel versions? – Håkan Lindqvist Feb 02 '21 at 17:46
  • Thanks to you both. I just had to do a reboot and all was right with the world. I wish the MOTD was a little more verbose that the package may be installed but you need to reboot. It was a little vague. Thanks. – Joshua Ziering Feb 02 '21 at 21:12

0 Answers0