Open mattatsi opened 3 years ago
Hi - Same issue on 20.04...
~$ apt-cache madison grub-common grub-pc
grub-common | 2.04-1ubuntu26.12 | http://za.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
grub-common | 2.04-1ubuntu26.12 | http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
grub-common | 2.04-1ubuntu26 | http://za.archive.ubuntu.com/ubuntu focal/main amd64 Packages
grub-pc | 2.04-1ubuntu26.12 | http://za.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
grub-pc | 2.04-1ubuntu26.12 | http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
grub-pc | 2.04-1ubuntu26 | http://za.archive.ubuntu.com/ubuntu focal/main amd64 Packages
~$ sudo cvescan -p all
✅ Ubuntu vulnerability datbase successfully downloaded!
✅ Scan complete!
CVE ID          PRIORITY  PACKAGE       FIXED VERSION     REPOSITORY
CVE-2020-14372  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-14372  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-14372  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-14372  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-25632  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-25632  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-25632  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-25632  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27749  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27749  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27749  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27749  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27779  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27779  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27779  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2020-27779  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20225  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20225  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20225  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20225  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20233  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20233  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20233  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive
CVE-2021-20233  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive
Summary
Ubuntu Release focal
Installed Packages 1779
CVE Priority All
Unique Packages Fixable by Patching 4
Unique CVEs Fixable by Patching 6
Vulnerabilities Fixable by Patching 24
Fixes Available by apt-get upgrade 24
~$ sudo apt-get update
Hit:1 http://za.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://za.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://za.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable InRelease
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Fetched 114 kB in 1s (76.8 kB/s)
Reading package lists... Done
~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Confirming issue still exists with 20.04 LTS:
grub-common | 2.04-1ubuntu26.13 | http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
grub-common | 2.04-1ubuntu26.12 | http://au.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
grub-common | 2.04-1ubuntu26 | http://au.archive.ubuntu.com/ubuntu focal/main amd64 Packages
grub-pc | 2.04-1ubuntu26.13 | http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
grub-pc | 2.04-1ubuntu26.12 | http://au.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
grub-pc | 2.04-1ubuntu26 | http://au.archive.ubuntu.com/ubuntu focal/main amd64 Packages
CVE ID          PRIORITY  PACKAGE       FIXED VERSION     REPOSITORY      URL
CVE-2020-14372  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14372
CVE-2020-14372  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14372
CVE-2020-14372  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14372
CVE-2020-14372  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14372
CVE-2020-25632  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25632
CVE-2020-25632  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25632
CVE-2020-25632  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25632
CVE-2020-25632  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25632
CVE-2020-27749  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27749
CVE-2020-27749  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27749
CVE-2020-27749  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27749
CVE-2020-27749  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27749
CVE-2020-27779  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27779
CVE-2020-27779  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27779
CVE-2020-27779  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27779
CVE-2020-27779  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27779
CVE-2021-20225  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20225
CVE-2021-20225  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20225
CVE-2021-20225  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20225
CVE-2021-20225  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20225
CVE-2021-20233  medium    grub-common   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20233
CVE-2021-20233  medium    grub-pc       2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20233
CVE-2021-20233  medium    grub-pc-bin   2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20233
CVE-2021-20233  medium    grub2-common  2.04-1ubuntu44.2  Ubuntu Archive  https://people.canonical.com/~ubuntu-security/cve/CVE-2021-20233
Summary
Ubuntu Release focal
Installed Packages 726
CVE Priority All
Unique Packages Fixable by Patching 4
Unique CVEs Fixable by Patching 6
Vulnerabilities Fixable by Patching 24
Fixes Available by apt-get upgrade 24
Looks like it's broken in here: https://people.canonical.com/~ubuntu-security/cvescan/ubuntu-vuln-db-focal.json.bz2
cvescan is reporting the following packages as vulnerable to several CVEs: grub-common, grub-pc, grub-pc-bin, grub2-common. It recommends upgrading each to version 2.04-1ubuntu44.1.2 but no such version exists for those packages.

Full example reproducing what I'm seeing (in a docker container with docker run --rm -it ubuntu:18.04 /bin/bash):