Lates updates on Ubuntu servers

Question

I have a couple of Ubuntu servers running on Azure. Servers were deployed from standard Azure image. They all run updates every day using Azure update manager. When I manually check updates I see that no new updates are available. Today I saw that all of the servers have an issue with CVE-2023-25690 vulnerability in Apache. I checked and it looks like it was fixed in release 2.4.56 https://httpd.apache.org/security/vulnerabilities_24.html that was released almost a month ago. Ubuntu website also states that it was fixed by them almost a month ago https://ubuntu.com/security/notices/USN-5942-1

So if it was fixed by them so long ago how come all our servers still have this issue and at the same time show that there are no updates ?

Answer 1

It sounds like there might be an issue with the Azure update manager not detecting the necessary updates. It's possible that there could be a delay in the updates being propagated to the Azure update manager or there could be a misconfiguration in the update settings.

I would recommend checking the update settings on your Azure servers to ensure that they are configured correctly and also checking the Azure update logs to see if there are any errors or issues with the update process. Additionally, you may want to reach out to Azure support to see if they can investigate further and provide a solution. It's important to ensure that your servers are up-to-date with the latest security patches.