I am using the default Ubuntu Distros in an Azure Bionic VM. I would like to update software with vulnerabilities such as VIM, but it seems the only version available in these Distros is version 8.0. Shouldn't the security distro have an update available for VIM and any other software with vulnerabilities ? Need some 101 Guidance here please.
Asked
Active
Viewed 22 times
0
-
1The answer to the specific question asked (*Shouldn't the security distro have an update available?*) is 'No' *because of the way you phrased the question*. There are two ways to address a vulnerability: 1) Apply a patch to the current version, or 2) Update to a newer version (that includes the patch). The question assumes the #2 is preferable. The Ubuntu Security Team actually does #1 for most CVEs (there are exceptions). – user535733 Sep 16 '21 at 00:09
-
Refer to the following posts for some more useful information on this topic: [Why don't the Ubuntu repositories have the latest versions of software?](https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software) and [my answer to another question summarizing generally 'when a security patch happens'](https://askubuntu.com/questions/1362875/ubuntu-release-update-packages/1362877#1362877). – Thomas Ward Sep 16 '21 at 00:45
-
Part of the 'update' process is to backport packages, and if there's a Vim update they'll issue a [USN here](https://www.bing.com/newtabredir?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2Fnotices) – Thomas Ward Sep 16 '21 at 00:45
-
If you ever want to see what version and what changes they have made to a package just run `apt changelog
` like `apt changelog vim` will actually show that it is version `8.1.2269-1ubuntu5` for Ubuntu 20.04 repos. – Terrance Sep 16 '21 at 03:38