Ubuntu Patch not Working

Usage and Config Patch
1

Hi Folks,

I have a basic query about how BigFix patching works on Ubuntu 16, am I right in saying
the BigFix client by default just points to the public Ubuntu repositories? So for Ubuntu 16
the Xenail repos at http://archive.ubuntu.com/ubuntu/dists/xenial-*

I’m trying to apply a patch '"USN-3891-1 - Systemd Vulnerability - Ubuntu 16.04 (amd64)'
to install ‘systemd=229-4ubuntu21.16’ but the action is failing as that version of the package
isn’t available

[Mon Dec 2 15:45:26 UTC 2019] 38910101 Resolver output in /var/opt/BESClient/__BESData/Patches for Ubuntu 1604/…/…/EDRDeployData/EDR_ResolverOutput.log Errors in /var/opt/BESClient/__BESData/Patches for Ubuntu 1604/…/…/EDRDeployData/EDR_ResolverError.log
[Mon Dec 2 15:45:26 UTC 2019] 38910101 apt-get Failure:
[Mon Dec 2 15:45:26 UTC 2019] 38910101 ____ E: Version ‘229-4ubuntu21.16’ for ‘libsystemd0’ was not found E: Version ‘229-4ubuntu21.16’ for ‘systemd’ was not found

Is this a mistake in the patch or something I can fix on my end?

Thanks

2

Greetings.

You are correct in that the Ubuntu clients will use their locally configured repositories for patch content. In this case, have you attempted to run the update command locally to see if it is able to pull that update?

-Matt

3

Hi Matt,

apt-cache policy systemd
systemd:
Installed: 229-4ubuntu21.15
Candidate: 229-4ubuntu21.22
Version table:
229-4ubuntu21.22 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
229-4ubuntu21.21 500
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
*** 229-4ubuntu21.15 100
100 /var/lib/dpkg/status
229-4ubuntu4 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

where it is reported 229-4ubuntu21.22 as candidate version while the fixlet is trying to install the 229-4ubuntu21.16 version.

4

When Ubuntu releases a new package, sometimes they move older versions to an archive repo which the Fixlets do not check. You’ll just need to wait for the team to release the Fixlet for the new version of the package.