Nessus continues to warn me about vulnerable packages that have been removed

I’m trying to lock down an Ubuntu 20.04 image by removing vulnerable packages we don’t use. I’ve run a Nessus Advanced Network Scan with the SSH login credentials and it found a number of issues, for instance "Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)" (https://ubuntu.com/security/notices/USN-6026-1). So I removed vim using:

sudo apt-get purge vim

rebooted the device and reran the scan. But I’m still getting the same issue. The security notice https://ubuntu.com/security/notices/USN-6026-1 only mentions vim; it doesn’t give the name of any other packages that need to be removed. How can I resolve this?

vim isn’t the only package I’m having this problem with; I also see it for others (ceph, cups-filters, libreoffice, etc.).

Asked By: parsley72


I can’t figure out how to do this in the UI, but if I export the report as a PDF then under the issue:

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)

there’s a subsection "Assets" with:

  • Installed package : xxd_2:8.1.2269-1ubuntu5.11
  • Fixed package: xxd_2:8.1.2269-1ubuntu5.14

Removing xxd removes the vim issues from the next scan.

Answered By: parsley72
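
The notice is titled after the source package (vim), while the scanner reports an installed binary package built from it (xxd). The script below is an added example, not part of the original answer: it lists the fully installed binary packages that come from a given source package using dpkg-query's ${source:Package} field. The function names and every sample row other than the xxd version are constructed for illustration.

```shell
#!/bin/sh
# Added example: find installed binary packages built from one source package.

# Filter "binary<TAB>source<TAB>version<TAB>status" lines read from stdin.
# Keeps rows whose source package equals $1 and whose dpkg status is "ii"
# (fully installed), and prints "binary version" for each match.
binaries_from_source() {
    awk -F '\t' -v src="$1" '$2 == src && $4 ~ /^ii/ { print $1, $3 }'
}

# Dump the local dpkg database in the format the filter expects.
installed_with_source() {
    dpkg-query -W \
        -f='${binary:Package}\t${source:Package}\t${Version}\t${db:Status-Abbrev}\n'
}

# Constructed sample inventory: vim itself was purged, but other binaries
# built from the vim source package remain. Only the xxd version is taken
# from the scan output quoted above; the other rows are made up.
sample_inventory() {
    printf 'xxd\tvim\t2:8.1.2269-1ubuntu5.11\tii \n'
    printf 'vim-common\tvim\t2:8.1.2269-1ubuntu5.11\tii \n'
    printf 'vim-tiny\tvim\t2:8.1.2269-1ubuntu5.11\trc \n'
    printf 'bash\tbash\t0.0-constructed\tii \n'
    printf 'libcups2:amd64\tcups\t0.0-constructed\tii \n'
}

# Source package to look up; defaults to vim, the case from this question.
src="${1:-vim}"
if command -v dpkg-query >/dev/null 2>&1; then
    installed_with_source | binaries_from_source "$src"
else
    # No dpkg on this machine: run against the constructed sample instead.
    sample_inventory | binaries_from_source "$src"
fi
```

Any package it prints that is below the notice's fixed version has to be upgraded or removed before the finding can clear.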