• Logo
    Ubuntu Pro
  • Forum
  • Ubuntu Pro FAQ
  • Pro services
    • Expanded Security Maintenance (ESM)
    • Livepatch
    • FIPS 140-2
    • Ubuntu Security Guide (USG)
    • CIS benchmarking
    • Common Criteria EAL2
    • ROS ESM
    • Real-time kernel
Contents Menu Expand Light mode Dark mode Auto light/dark mode
Ubuntu Pro Client documentation
Ubuntu Pro Client documentation
  • Tutorials
    • Get started with Ubuntu Pro Client
    • Use pro fix to solve a CVE/USN
    • Create an Ubuntu FIPS Docker image
  • How-to guides
    • Get an Ubuntu Pro token and attach to a subscription
    • Attach with a configuration file
    • Collect data logs for bug reporting
    • Configure...
      • Displaying APT News
      • A proxy
      • A TLS-in-TLS proxy
      • A timer job
    • Enable...
      • Anbox Cloud
      • CC EAL
      • CIS
      • ESM-Infra and ESM-Apps
      • FIPS
      • Landscape
      • Livepatch
      • Real-Time Kernel
    • How to know what the `fix` command would change?
    • Skip fixing related USNs
    • Update MOTD and APT messages
    • Simulate the `attach` operation
    • Check Ubuntu Pro Client version
    • Get rid of corrupted locks
    • Enable Ubuntu Pro services in a Dockerfile
    • Create a customised Cloud Ubuntu Pro image
    • Cloud Ubuntu Pro images with FIPS updates
    • Better visualise results when fixing multiple CVEs
  • Explanation
    • Pro-related APT messages
    • Pro-related MOTD messages
    • What does security-status do?
    • How to interpret the output of unattended-upgrades
    • The pro status output explained
    • What pro refresh does
    • Disabling and purging services
    • About Public Cloud Ubuntu Pro images
    • What is the ubuntu-advantage-pro package?
    • CVEs and USNs explained
    • Common scenarios when using pro fix to solve a CVE/USN
    • How to interpret the output of the fix plan API endpoint
    • About ESM, esm-apps and esm-infra
    • Timer jobs explained
    • Using Ubuntu Pro airgapped
    • What is the Pro upgrade daemon?
    • Why 14.04 (Trusty) is no longer supported
    • Errors you may encounter and their meaning
  • Reference
    • API reference guide
    • Network requirements
    • Personal Package Archives (PPAs)
    • Support matrix
    • Compatibility matrix
Back to top
Edit this page

How to skip fixing related USNs#

The general scenarios you might encounter when running pro fix are outlined in our explanation of using pro fix to solve a CVE/USN.

When running the pro fix command for a USN, by default we also try to fix any related USNs as well. To better understand the concept of related USNs, you can refer to our related USNs guide. To make this clear, let’s take a look into the following example:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Found related USNs:
- USN-5570-1
- USN-5570-2

Fixing related USNs:
- USN-5570-1
No affected source packages are installed.

✔ USN-5570-1 does not affect your system.

- USN-5570-2
1 affected source package is installed: zlib
(1/1) zlib:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y zlib1g }

✔ USN-5570-2 is resolved.

Summary:
✔ USN-5573-1 [requested] is resolved.
✔ USN-5570-1 [related] does not affect your system.
✔ USN-5570-2 [related] is resolved.

We can see here that the pro fix command fixed the requested USN-5573-1 while also handling both USN-5570-1 and USN-5570-2, which are related to the requested USN.

If you don’t want to fix any related USNs during the fix operation, you can use the --no-related flag. By running the command pro fix USN-5573-1 --no-related we would get the following output instead:

USN-5573-1: rsync vulnerability
Associated CVEs:
  - https://ubuntu.com/security/CVE-2022-37434

Fixing requested USN-5573-1
1 affected source package is installed: rsync
(1/1) rsync:
A fix is available in Ubuntu standard updates.
{ apt update && apt install --only-upgrade -y rsync }

✔ USN-5573-1 is resolved.

Comparing this output to the previous one, we can see that we have not analysed or tried to fix any related USNs.

Next
How to update MOTD and APT messages
Previous
How to know what the fix command would change?
Copyright © 2024, Canonical Group Ltd
Made with Sphinx and @pradyunsg's Furo