• Logo
    Ubuntu Pro
  • Forum
  • Ubuntu Pro FAQ
  • Pro services
    • Expanded Security Maintenance (ESM)
    • Livepatch
    • FIPS 140-2
    • Ubuntu Security Guide (USG)
    • CIS benchmarking
    • Common Criteria EAL2
    • ROS ESM
    • Real-time kernel
Contents Menu Expand Light mode Dark mode Auto light/dark mode
Ubuntu Pro Client documentation
Ubuntu Pro Client documentation
  • Tutorials
    • Get started with Ubuntu Pro Client
    • Use pro fix to solve CVE/USN
    • Create an Ubuntu FIPS Docker image
    • How to customise a cloud Ubuntu Pro image with FIPS updates
  • How-to guides
    • Get an Ubuntu Pro token and attach to a subscription
    • Attach with a configuration file
    • Collect data logs for bug reporting
    • Configure...
      • Displaying APT News
      • A proxy
      • A TLS-in-TLS proxy
      • A timer job
    • Enable...
      • Pro Services in a Dockerfile
      • Anbox Cloud
      • CC EAL
      • CIS
      • ESM-Infra and ESM-Apps
      • FIPS
      • Landscape
      • Livepatch
      • Real-Time Kernel
    • Run `fix` in "dry run" mode
    • Skip fixing related USNs
    • Update MOTD and APT messages
    • Simulate the `attach` operation
    • Check Ubuntu Pro Client version
    • Get rid of corrupted locks
    • Create a customised Cloud Ubuntu Pro image
  • Explanation
    • Pro-related APT messages
    • Pro-related MOTD messages
    • What does security-status do?
    • How to interpret the output of unattended-upgrades
    • How to interpret the output of the fix plan API endpoint
    • The pro status output explained
    • What pro refresh does
    • Disabling and purging services
    • About Public Cloud Ubuntu Pro images
    • What is the ubuntu-advantage-pro package?
    • CVEs and USNs explained
    • About ESM, esm-apps and esm-infra
    • Timer jobs explained
    • Using Ubuntu Pro airgapped
    • What is the Pro upgrade daemon?
    • Why is 14.04 (Trusty) no longer supported?
    • Errors you may encounter and their meaning
  • Reference
    • API reference guide
    • Network requirements
    • Personal Package Archives (PPAs)
    • Support matrix
    • Compatibility matrix
Back to top
Edit this page

How to not fix related USNs#

When running the pro fix command for a USN, by default we also try to fix any related USNs as well. To better understand the concept of related USNs, you can refer to our related USNs guide. To make this clear, let’s take a look into the following example:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Found related USNs:
- USN-5570-1
- USN-5570-2

Fixing related USNs:
- USN-5570-1
No affected source packages are installed.

✔ USN-5570-1 does not affect your system.

- USN-5570-2
1 affected source package is installed: zlib
(1/1) zlib:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y zlib1g }

✔ USN-5570-2 is resolved.

Summary:
✔ USN-5573-1 [requested] is resolved.
✔ USN-5570-1 [related] does not affect your system.
✔ USN-5570-2 [related] is resolved.

We can see here that the pro fix command fixed the requested USN-5573-1 while also handling both USN-5570-1 and USN-5570-2, which are related to the requested USN. If you don’t want to fix any related USNs during the fix operation, just use the --no-related flag. By running the command pro fix USN-5573-1 --no-related we would get the following output instead:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Note that we have not analysed or tried to fix any related USNs

Next
How to update MOTD and APT messages
Previous
How to run the fix command in “dry run” mode
Copyright © 2023, Canonical Group Ltd
Made with Sphinx and @pradyunsg's Furo