Timeline for answer to I am a newbie just confused by the ubuntu security page by Thomas Ward
Current License: CC BY-SA 4.0
7 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| May 20, 2025 at 15:05 | comment | added | S Zaff | Thank you for the support, guys. Much appreciated, I will reach out to our security team with all these details. | |
| May 17, 2025 at 18:03 | history | edited | Thomas Ward♦ | CC BY-SA 4.0 | added 1 character in body |
| May 17, 2025 at 18:02 | comment | added | Thomas Ward♦ | @SZaff sleepyhead is correct, partially. Your security scanners are likely NOT tuned to check package versions (especially if doing scans external to the system) and are likely NOT seeing things. THIS SAID, you are not up to date. You're up to date against CVE-2024-38541, but not other security patches and bug fixes in the kernel trees. During your next maintenance window, you should update these servers with the updated kernel and then reboot them. Production or not, security needs to be handled usually during scheduled maintenance windows. | |
| May 17, 2025 at 4:15 | comment | added | sleepyhead | Because most vulnerability scanners only look at the version number 6.8.0 and are not capable of distinguishing the patches applied on top. 6.8 is not a Linux kernel LTS, and the major distributions maintain their own patches. Most fixes are a couple of lines of code, but once compiled it is hard to trace back if a certain patch was applied. Hence the many false positives from your scanner. | |
| May 17, 2025 at 2:54 | vote | accept | S Zaff | ||
| May 17, 2025 at 2:47 | comment | added | S Zaff | Thank you so much for the information!! If my version is up to date, why are my security scans showing many vulnerabilities? I am using apt update && apt upgrade to install updates. Do I need to do anything different? NOTE: These are production servers. | |
| May 17, 2025 at 1:11 | history | answered | Thomas Ward♦ | CC BY-SA 4.0 |