WoTTsecurity / api

API and Dashboard
https://dash.wott.io
MIT License

Unresolveable RA #827

Closed vpetersson closed 4 years ago

vpetersson commented 4 years ago

Got this RA today:

[Screenshot: Screen Shot 2020-03-31 at 11 53 15 AM]

However, when trying to fix it, there was no fix available:

[ec2-user@wott-aws-linux-0 ~]$ sudo wott-agent upgrade kernel kernel-headers kernel-tools
upgrade packages: ['kernel', 'kernel-headers', 'kernel-tools']
The following packages will be upgraded:

Confirm: [y/N]y
Certificate expires in 6 days and 22 hours. No need for renewal.Renewal threshold is set to 3 days.
vpetersson commented 4 years ago

Same is true for:

a-martynovich commented 4 years ago

I just retraced your steps. Ran agent in my Amazon VM, got the RA about CVE-2020-8648. Ran wott-agent upgrade kernel kernel-headers kernel-tools, it picked up the updates, and all CVE-2020-* RAs were resolved. Perhaps these updates were released after being reported by ALAS.

a-martynovich commented 4 years ago

Same with CVE-2019-1563 and CVE-2019-1547.

vpetersson commented 4 years ago

Strange. Yeah maybe it's something in the agent. It only appears to affect 2/3 of my AWS Linux 2 nodes (wott-aws-linux-2-0 and wott-aws-linux-2-2 are affected).

I ran the same command on all three nodes, with the same output:

[ec2-user@wott-aws-linux-2-0 ~]$ sudo wott-agent upgrade kernel kernel-headers kernel-tools
upgrade packages: ['kernel', 'kernel-headers', 'kernel-tools']
The following packages will be upgraded:

Confirm: [y/N]N

Looking closer, here's the actual installed versions:

[ec2-user@wott-aws-linux-2-0 ~]$ yum list installed | grep kernel
kernel.x86_64                      4.14.165-133.209.amzn2            @amzn2-core
kernel.x86_64                      4.14.171-136.231.amzn2            @amzn2-core
kernel.x86_64                      4.14.173-137.228.amzn2            installed
kernel-tools.x86_64                4.14.171-136.231.amzn2            @amzn2-core
kernel-tools.x86_64                4.14.173-137.228.amzn2            installed
[ec2-user@wott-aws-linux-2-1 ~]$ yum list installed | grep kernel
kernel.x86_64                      4.14.165-131.185.amzn2            installed
kernel.x86_64                      4.14.171-136.231.amzn2            @amzn2-core
kernel.x86_64                      4.14.173-137.228.amzn2            @amzn2-core
kernel-tools.x86_64                4.14.173-137.228.amzn2            @amzn2-core
[ec2-user@wott-aws-linux-2-2 ~]$ yum list installed | grep kernel
kernel.x86_64                      4.14.165-131.185.amzn2            installed
kernel.x86_64                      4.14.171-136.231.amzn2            @amzn2-core
kernel.x86_64                      4.14.173-137.228.amzn2            installed
kernel-tools.x86_64                4.14.171-136.231.amzn2            @amzn2-core
kernel-tools.x86_64                4.14.173-137.228.amzn2            installed

Debug output: https://gist.github.com/vpetersson/b25ac3c3feee03e09f87cc476078e905

vpetersson commented 4 years ago

I'm seeing similar issue on Ubuntu:

[Screenshot: Screenshot_2020-04-02 WoTT - CVE list]

$ sudo lsb_release -a
sudo: unable to resolve host us
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:    18.04
Codename:   bionic
vpetersson@us:~$ sudo apt update -qq
All packages are up to date.

vpetersson@us:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
vpetersson commented 4 years ago

Yeah I can confirm that this is still an issue on Ubuntu 18.04.

Dashboard is showing CVE-2018-16865, but:

vpetersson@us:~$  sudo wott-agent upgrade libgudev-1.0-0 libnss-myhostname libnss-systemd libpam-systemd libsystemd0 libsystemd-journal0 libsystemd-login0 libudev1 systemd systemd-sysv udev
sudo: unable to resolve host us
upgrade packages: ['libgudev-1.0-0', 'libnss-myhostname', 'libnss-systemd', 'libpam-systemd', 'libsystemd0', 'libsystemd-journal0', 'libsystemd-login0', 'libudev1', 'systemd', 'systemd-sysv', 'udev']
Hit https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Hit http://deb.goaccess.io bionic InRelease
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit http://archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [1012 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1061 kB]
Hit https://packagecloud.io/wott/agent/ubuntu bionic InRelease
Fetched 2251 kB in 6s (0 B/s)
The following packages will be upgraded:

Confirm: [y/N]
vpetersson commented 4 years ago

Closing this out after discussion with @a-martynovich. Turns out it's related to old packages being installed.
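The root cause recorded above (older builds of a package still installed beside the newest one, as in the `yum list installed` output quoted earlier in the thread) can be checked mechanically rather than by eye. The following is an added example written for this page; it is not wott-agent code and not part of this repository. It embeds the `yum list installed | grep kernel` output for wott-aws-linux-2-0 as sample input, orders versions with a simplified rpmvercmp (good enough for the `4.14.x-y.z.amzn2` strings here, not a full reimplementation), reports the versions that a scanner matching every installed version would keep flagging, checks that the booted kernel (`uname -r`) is the newest one, and emits the `yum remove` commands for the stale builds. All function names are the example's own.

```python
"""Find stale (older-than-newest) installed package versions in
`yum list installed` output.

Added example for this issue thread, not wott-agent code. A CVE scanner
that matches every installed version will keep reporting the old kernel
builds even when `yum upgrade` has nothing left to do, which is the
"unresolvable RA" seen above.
"""
import re
from collections import defaultdict
from functools import cmp_to_key

# Sample input copied from the thread (node wott-aws-linux-2-0).
SAMPLE_YUM = """\
kernel.x86_64                      4.14.165-133.209.amzn2            @amzn2-core
kernel.x86_64                      4.14.171-136.231.amzn2            @amzn2-core
kernel.x86_64                      4.14.173-137.228.amzn2            installed
kernel-tools.x86_64                4.14.171-136.231.amzn2            @amzn2-core
kernel-tools.x86_64                4.14.173-137.228.amzn2            installed
"""

_SEG = re.compile(r"\d+|[a-zA-Z]+")
_ARCH_SUFFIX = re.compile(r"\.(x86_64|aarch64|i686)$")


def rpm_vercmp(a, b):
    """Simplified rpmvercmp over the whole version-release string.

    Numeric segments compare numerically, alphabetic ones lexically,
    numeric beats alphabetic, and on a tied prefix the longer string wins.
    Returns -1, 0 or 1.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def parse_yum_installed(text):
    """Map package name -> list of installed version-release strings."""
    versions = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        name = parts[0].rsplit(".", 1)[0]  # drop the ".x86_64" arch suffix
        versions[name].append(parts[1])
    return dict(versions)


def stale_versions(versions):
    """Return {name: [versions older than the newest installed one]}.

    Only packages with more than one installed build appear; these are the
    builds a per-version scanner still matches after a successful upgrade.
    """
    stale = {}
    for name, vs in versions.items():
        ordered = sorted(vs, key=cmp_to_key(rpm_vercmp))
        if len(ordered) > 1:
            stale[name] = ordered[:-1]
    return stale


def running_kernel_is_newest(uname_r, versions):
    """True if `uname -r` (e.g. 4.14.173-137.228.amzn2.x86_64) matches the
    newest installed kernel; otherwise the upgrade is not live yet and the
    host needs a reboot before the old build can be removed."""
    kernels = versions.get("kernel", [])
    if not kernels:
        return False
    newest = max(kernels, key=cmp_to_key(rpm_vercmp))
    return _ARCH_SUFFIX.sub("", uname_r) == newest


def removal_commands(stale):
    """yum accepts name-version-release, so each stale build is addressable."""
    return [f"sudo yum remove -y {name}-{v}"
            for name, vs in stale.items() for v in vs]


if __name__ == "__main__":
    installed = parse_yum_installed(SAMPLE_YUM)
    for cmd in removal_commands(stale_versions(installed)):
        print(cmd)
```

On a live host, feed it `yum list installed | grep kernel` and `uname -r` instead of the sample. The stock tool for the same cleanup is `package-cleanup --oldkernels --count=1` from yum-utils, and `installonly_limit` in `/etc/yum.conf` bounds how many kernels yum keeps installed in the first place. The equivalent check for the Ubuntu host in the thread is `apt-cache policy <package>`: a package whose `Candidate:` line reads `(none)` is installed but has no version left in the configured repositories, so no `apt upgrade` will ever replace it.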