Public bug reported: root@malefic:~# ua fix CVE-2021-3410 CVE-2021-3410: libcaca vulnerability https://ubuntu.com/security/CVE-2021-3410 1 affected package is installed: libcaca (1/1) libcaca: A fix is available in Ubuntu standard updates. The update is already installed. A reboot is required to complete fix operation. ✘ CVE-2021-3410 is not resolved. root@malefic:~#
The line 'A reboot is required to complete fix operation.' may be partially true (i.e. a reboot is needed) for other reasons, but is not accurate in the context of this CVE. Both 'checkrestart' and 'needrestart' confirm that no running process is using the caca library. Looking at the code, it looks like it's looking at a global 'needs reboot' flag, unrelated to the specific fix operation. I'd argue that a) it shouldn't say 'to complete fix operation' and b) it shouldn't claim 'CVE-2021-3410 is not resolved'. ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926183 Title: 'ua fix' tells me to reboot with inaccurate message To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1926183/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs