This command "pro fix CVE-2023-31083" does create the error condition.

Bug #2069822 reported by Novexx IT Eching
This bug affects 1 person
Affects: ubuntu-advantage-tools (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

I tried to fix some vulnerabilities on my Ubuntu installation with the command:

pro fix CVE-2023-31083

After some period of time I get an error message.

lsb_release -rd
Description: Ubuntu 16.04.7 LTS
Release: 16.04

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ubuntu-advantage-tools 32.3~16.04
ProcVersionSignature: Ubuntu 4.4.0-254.288-generic 4.4.262
Uname: Linux 4.4.0-254-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.30+esm3
Architecture: amd64
Date: Wed Jun 19 15:08:33 2024
InstallationDate: Installed on 2018-12-05 (2022 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
apparmor_logs.txt: Jun 19 15:05:45 vmpdech40 kernel: audit: type=1400 audit(1718802345.311:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ubuntu_pro_apt_news" pid=863 comm="apparmor_parser"
cloud-id.txt-error: Invalid command specified 'cloud-id'.
jobs-status.json: {"metering": {"last_run": "2024-06-19T07:41:25.670684+00:00", "next_run": "2024-06-19T11:41:25.670684+00:00"}, "update_contract_info": null, "update_messaging": {"last_run": "2024-06-19T07:41:25.670684+00:00", "next_run": "2024-06-19T13:41:25.670684+00:00"}}
pro-journal.txt: -- No entries --
uaclient.conf:
 contract_url: https://contracts.canonical.com
 log_level: debug

Grant Orndorff (orndorffgrant) wrote :

Thanks for reporting this Novexx!

Unfortunately I can't find anything in the logs.

Does the error look something like this?

Error connecting to notices.json: 503 <html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>

The security API that the `pro fix` command relies on to look up CVEs has been experiencing some outages, so it may be related to that.

Please post the error that you are seeing here to confirm.

information type: Private → Public
Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Incomplete
Novexx IT Eching (novexx-it-eching) wrote : Re: [Bug 2069822] Re: This command "pro fix CVE-2023-31083" does create the error condition.

Hi Grant,

yes, exactly. I'll get the following error.

[image: image.png]

Best regards,
Carsten

On Fri, Jun 21, 2024 at 3:25 PM Grant Orndorff <email address hidden>
wrote:

> Thanks for reporting this Novexx!
>
> Unfortunately I can't find anything in the logs.
>
> Does the error look something like this?
>
> Error connecting to notices.json: 503 <html>
> <head><title>503 Service Temporarily Unavailable</title></head>
> <body>
> <center><h1>503 Service Temporarily Unavailable</h1></center>
> <hr><center>nginx</center>
> </body>
> </html>
>
>
> The security API that the `pro fix` command relies on to look up CVEs has
> been experiencing some outages, so it may be related to that.
>
> Please post the error that you are seeing here to confirm.

tags: removed: need-amd64-retrace
Grant Orndorff (orndorffgrant) wrote :

Thank you for confirming!

This is an ongoing issue with the back-end API and is being tracked here https://github.com/canonical/ubuntu-com-security-api/issues/165

Since there isn't much the `pro` command can do without a functioning back-end API for the security data, I'll mark this bug as Invalid.

Changed in ubuntu-advantage-tools (Ubuntu):
status: Incomplete → Invalid