Public bug reported:

root@malefic:~# ua fix CVE-2021-3410
CVE-2021-3410: libcaca vulnerability
https://ubuntu.com/security/CVE-2021-3410
1 affected package is installed: libcaca
(1/1) libcaca:
A fix is available in Ubuntu standard updates.
The update is already installed.
A reboot is required to complete fix operation.
✘ CVE-2021-3410 is not resolved.
root@malefic:~#

The line 'A reboot is required to complete fix operation.' may be
partially true (i.e. a reboot is needed) for other reasons, but is not
accurate in the context of this CVE.  Both 'checkrestart' and
'needrestart' confirm that no running process is using the caca library.
Looking at the code, it looks like it's looking at a global 'needs
reboot' flag, unrelated to the specific fix operation.  I'd argue that
a) it shouldn't say 'to complete fix operation' and b) it shouldn't
claim 'CVE-2021-3410 is not resolved'.

** Affects: ubuntu-advantage-tools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926183

Title:
  'ua fix' tells me to reboot with inaccurate message

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1926183/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
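
An added example, not part of the original report and not code from ubuntu-advantage-tools: one way to tell a global pending-reboot flag apart from a reboot attributable to the package that was just fixed. It assumes the flag is the /var/run/reboot-required file that Ubuntu packages create and that /var/run/reboot-required.pkgs lists the binary packages that requested it; classify_reboot, the temporary paths and the sample package names (libcaca0 included) are constructed for illustration.

```shell
#!/bin/sh
# classify_reboot FLAG_FILE PKGS_FILE PACKAGE...
# Prints one of:
#   none      - no reboot flag is set
#   unknown   - flag is set, but there is no per-package list to attribute it
#   related   - one of the given packages asked for the reboot
#   unrelated - flag is set, but none of the given packages asked for it
classify_reboot() {
    flag_file=$1
    pkgs_file=$2
    shift 2

    # No global flag: nothing is asking for a reboot.
    [ -e "$flag_file" ] || { echo "none"; return 0; }

    # Flag set but no readable package list: the reboot cannot be attributed.
    [ -r "$pkgs_file" ] || { echo "unknown"; return 0; }

    for pkg in "$@"; do
        # -F fixed string, -x whole line: "libcaca0" must not match "libcaca0-dev".
        if grep -Fxq -- "$pkg" "$pkgs_file"; then
            echo "related"
            return 0
        fi
    done
    echo "unrelated"
}

# Constructed sample state: a kernel update set the flag, libcaca0 did not.
demo_dir=$(mktemp -d)
: > "$demo_dir/reboot-required"
printf '%s\n' linux-image-generic linux-base > "$demo_dir/reboot-required.pkgs"
classify_reboot "$demo_dir/reboot-required" "$demo_dir/reboot-required.pkgs" libcaca0
rm -rf "$demo_dir"
```

On a real system the first two arguments would be /var/run/reboot-required and /var/run/reboot-required.pkgs, followed by the installed binary packages built from the affected source package.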
