Frequently asked questions

The questions and answers in this section can help you to better understand Patch for Ubuntu.

Which support fixlet can I use for installing the newest versions of all the packages installed on an endpoint?

You can use the Run `dist-upgrade` to install and intelligently handle dependencies of new packages support fixlet for installing the latest versions of all the packages installed on a system/endpoint. The apt-get dist-upgrade command installs the newest versions of all packages that are currently installed on the system from the sources that are defined for `apt`. The command also attempts to intelligently handle changing dependencies.

Using which support fixlet can I install all available security updates from a vendor repository?

You can use the Install all available updates from the vendor security repository (amd64) support fixlet to install all the security updates from your vendor repository. This fixlet gets a list of all the available updates from the vendor security package repository and installs them on the system/endpoint.

What to do when Fixlets fail to install with the following message in the EDR log? "Warning: Nothing to install. Please check if you are using the latest kernel."

This message appears only in case of Fixlets that deploy kernel packages. A kernel Fixlet becomes relevant if the endpoint does not have the target kernel package installed or if the endpoint's active kernel is at a lower version than the target kernel package. An endpoint is still considered subject to kernel vulnerabilities even if it has the latest kernel installed but not using it actively.

To remediate the issue, restart the endpoint and ensure it is using the latest kernel available.

What are Unspecified Fixlets and why do we need them?

Unspecified Fixlets are for the packages found in Ubuntu's security repositories and that do not have a security notice (USN) associated with them. Not all security packages released by Ubuntu have a USN associated with them - Unspecified Fixlets covers such packages.

Which type of Kernel Packages are supported for USN fixlets?

Bigfix Patch supports the following USN Kernel type packages:

  • linux-image-<version>-generic
  • linux-image-<version>-lowlatency
  • linux-image-<version>-oracle
  • linux-image-<version>-kvm
  • linux-image-<version>-oem
  • linux-image-<version>-gcp
  • linux-image-<version>-azure
Note: BigFix Patch does not currently support the following USN Kernel packages: aws,flo, gke, goldfish, hammerhead, hwe, lpae, mako, nexus4, powerpc, powerpc64, raspi2, snapdragon, virtual. Also note that these packages are subjected to change.