{"description": "\nIf the system has an apt repository available, run the following command to install updates:\n<pre>$ apt update &#38;&#38; apt full-upgrade</pre>\n\n<br /><br />\nNOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy\ndictates.", "rationale": "Installing software updates is a fundamental mitigation against\nthe exploitation of publicly-known vulnerabilities. If the most\nrecent security patches and updates are not installed, unauthorized\nusers may take advantage of weaknesses in the unpatched software. The\nlack of prompt attention to patching could result in a system compromise.", "severity": "medium", "references": {"cis-csc": ["18", "20", "4"], "cjis": ["5.10.4.1"], "cobit5": ["APO12.01", "APO12.02", "APO12.03", "APO12.04", "BAI03.10", "DSS05.01", "DSS05.02"], "isa-62443-2009": ["4.2.3", "4.2.3.12", "4.2.3.7", "4.2.3.9"], "iso27001-2013": ["A.12.6.1", "A.14.2.3", "A.16.1.3", "A.18.2.2", "A.18.2.3"], "nist": ["SI-2(5)", "SI-2(c)", "CM-6(a)"], "nist-csf": ["ID.RA-1", "PR.IP-12"], "ospp": ["FMT_MOF_EXT.1"], "pcidss": ["Req-6.2"], "srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R61"], "ism": ["1409"], "pcidss4": ["6.3.3", "6.3"]}, "control_references": {"anssi": ["R61"], "ism": ["1409"], "pcidss4": ["6.3.3", "6.3"]}, "components": [], "identifiers": {}, "ocil_clause": "Ubuntu 22.04 is in non-compliance with the organizational patching policy", "ocil": "Verify Ubuntu 22.04 security patches and updates are installed and up to date.\nUpdates are required to be applied with a frequency determined by organizational policy.\n\n\n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.", "oval_external_content": "https://security-metadata.canonical.com/oval/com.ubuntu.jammy.usn.oval.xml.bz2", "fixtext": "Install Ubuntu 22.04 patches or updated packages available from Red Hat within 30 days or sooner as local policy dictates.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 vendor packaged system security patches and updates must be installed and up to date.", "warnings": [{"general": "The OVAL feed of Ubuntu 22.04 is not a XML file, which may not be understood by all scanners."}], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 vendor packaged system security patches and updates must be installed and up to date.", "vuldiscussion": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", "checktext": "Verify Ubuntu 22.04 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n    ID | Command line | Date and time | Action(s) | Altered\n-------------------------------------------------------------------------------\n   70 | install aide | 2023-03-05 10:58 | Install | 1\n   69 | update -y | 2023-03-04 14:34 | Update | 18 EE\n   68 | install vlc | 2023-02-21 17:12 | Install | 21\n   67 | update -y | 2023-02-21 17:04 | Update | 7 EE\n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", "fixtext": "Install Ubuntu 22.04 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure Software Patches Installed", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml", "template": null}