• Logo
    Ubuntu Pro
  • Pro overview
  • Pro Client
  • Pro services
    • Expanded Security Maintenance (ESM)
    • Livepatch
    • FIPS 140-2
    • Ubuntu Security Guide (USG)
    • Common Criteria EAL2
    • Anbox Cloud
    • ROS ESM
    • Real-time kernel
Contents Menu Expand Light mode Dark mode Auto light/dark mode
Ubuntu Pro Client documentation
Ubuntu Pro Client documentation
  • Tutorials
    • Introduction to the Pro Client commands
    • Explore your system's security with Pro
    • Host your own APT news
  • How-to guides
    • Attach...
      • How to attach
      • Simulate attaching
      • Attach with a configuration file
    • Enable...
      • Anbox Cloud
      • CC EAL
      • CIS or USG
      • ESM-Infra and ESM-Apps
      • ESM-Infra Legacy on Trusty
      • FIPS
      • Landscape
      • Livepatch
      • Real-Time Ubuntu
    • Handle vulnerabilities...
      • Check if affected by a CVE
      • Use pro fix to resolve a CVE/USN
      • Preview pro fix results
      • Skip fixing related USNs
      • Check if your system is affected by multiple CVEs
      • Preview result of fixing multiple CVEs
    • Configure messages...
      • Display APT News
      • How to use custom APT configuration
      • Refresh MOTD and APT messages
      • Configure a timer job
    • Configure a proxy
    • Configure TLS-in-TLS proxy
    • Enable Ubuntu Pro services in a Dockerfile
    • Create an Ubuntu FIPS Docker image
    • Create a customised Cloud Ubuntu Pro image
    • Cloud Ubuntu Pro images with FIPS updates
    • How to set up the Ubuntu Pro LXD integration
    • Check Pro Client version
    • Collect data logs for bug reporting
    • Get rid of corrupted locks
  • Reference
    • CLI reference guide
    • API reference guide
    • Error messages
    • Personal Package Archives (PPAs)
    • Supported Ubuntu releases
    • Service compatibility matrix
    • Network requirements
  • Explanation
    • Pro services...
      • Which services are for me?
      • Checking active services
      • About ESM, esm-apps and esm-infra
      • Disabling and purging services
    • Security...
      • About CVEs and USNs
      • Monitoring security coverage
      • Using pro fix to solve CVEs/USNs
    • Policies...
      • Ubuntu Pro airgapped/offline
      • How machines are counted
      • Feature deprecation policy
      • Data collection policy
    • Messages...
      • Pro-related APT messages
      • Pro-related MOTD messages
      • Timer jobs explained
    • How to interpret the output of CVE commands
    • Public Cloud Ubuntu Pro images
    • About the Pro daemon
    • The unattended-upgrades endpoint
    • The fix plan endpoint
Back to top

How to skip fixing related USNs#

The general scenarios you might encounter when running pro fix are outlined in our explanation of using pro fix to solve a CVE/USN.

When running the pro fix command for a USN, by default we also try to fix any related USNs as well. To better understand the concept of related USNs, you can refer to our related USNs guide. To make this clear, let’s take a look into the following example:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Found related USNs:
- USN-5570-1
- USN-5570-2

Fixing related USNs:
- USN-5570-1
No affected source packages are installed.

✔ USN-5570-1 does not affect your system.

- USN-5570-2
1 affected source package is installed: zlib
(1/1) zlib:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y zlib1g }

✔ USN-5570-2 is resolved.

Summary:
✔ USN-5573-1 [requested] is resolved.
✔ USN-5570-1 [related] does not affect your system.
✔ USN-5570-2 [related] is resolved.

We can see here that the pro fix command fixed the requested USN-5573-1 while also handling both USN-5570-1 and USN-5570-2, which are related to the requested USN.

If you don’t want to fix any related USNs during the fix operation, you can use the --no-related flag. By running the command pro fix USN-5573-1 --no-related we would get the following output instead:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Comparing this output to the previous one, we can see that we have not analysed or tried to fix any related USNs.

Next
Check if a system is affected by a list of CVEs
Previous
How to preview the result of the pro fix command
Copyright © 2025, Canonical Group Ltd
Made with Sphinx and @pradyunsg's Furo