-1

Trying to look at patching this: https://ubuntu.com/security/notices/USN-6478-1

Am I right in assuming this patch is only available to those with a Pro contract on the server? https://ubuntu.com/security/notices/USN-6478-1#community

If I look at the installed version, it shows traceroute/jammy,now 1:2.1.0-2 amd64 [installed] but it looks like the patched version should have ~esm1 at the end..

Am I going mad? Is it patched already? Or am I unable to patch it without Pro?

Thanks in advance for your help.

Improve this question
2
  • Pro is free for up to 5 machines for personal use. So no need not to use it. Commented May 20, 2024 at 17:45
  • Thanks, but this isn't for personal use. Commented May 21, 2024 at 18:56

1 Answer 1

Reset to default
2

The updated/mitigated application is freely available upstream, just not in .deb format.

  • A patch was seemingly not released by upstream, so I hesitate to use the term "patched" lest folks get confused.

The package itself is not part of a stock install of Ubuntu. Most users never need it nor install it, and so are unaffected.

  • Packages that are included with a stock install of Ubuntu are in the main pocket of the Ubuntu repositories. main package security updates are available to everybody. Pro is for packages in the universe pocket, not main.

Any member of the community with the requisite skills can update the package, and hand it to a MOTU for upload. Then all non-Pro users get it immediately, too.

Pro customers will get the mitigated application in .deb format immediately. A convenience like most Pro services.

Non-LTS users will get the updated/mitigated package in the next release of Ubuntu (24.10).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.