-1

Regards, I hope you are fine.

I'm trying to close vulnerabilities in Ubuntu, currently working with Jammy Jellyfish. A vulnerability that I'm closing is with sudo.

When I use the command dpkg -l or apt list --installed it prompts:

ii sudo 1.9.9-1ubuntu2.4 amd64

But when I run sudo -V, it prompts:

Sudo versión 1.9.15p5

How could I solve this?

Another question: can I install the latest version of a package in my Ubuntu version? For example, the latest version of OpenSSH is OpenSSH 9.7/9.7p1, but the latest release for jammy is openssh 1:8.9p1-3.

Thank you very much for your time.

2
  • 1
    Instead of going around installing random versions of software, check whether the vulnerability you're concerned about has been patched by Ubuntu, and whether you have those patched versions for your release installed. Otherwise there's no point to installing Ubuntu, you might as well install LFS
    – muru
    Commented Apr 17 at 21:51
  • You do realize dpkg provides the PACKAGE VERSION, whereas asking the app to provide its version will provide the PROGRAM VERSION, i.e. different results that are usually very close, but not always.
    – guiverc
    Commented Apr 18 at 0:36
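
As an added example (not part of the original question or comments), this sketch checks the mismatch described in the question: which copy of a command the shell runs, and whether that file belongs to the installed package. The helper names are hypothetical.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# Strip the epoch ("1:") and the Debian/Ubuntu revision ("-1ubuntu2.4") from
# a dpkg version string, leaving the upstream version the package is based on.
upstream_of() {
    v=${1#*:}                 # drop "epoch:" if present
    printf '%s\n' "${v%-*}"   # drop "-revision" (text after the last hyphen)
}

# True when the version a program reports equals the package's upstream part.
# Ubuntu security updates usually change only the revision, so equality here
# says which build is running, not whether a given fix is present.
same_upstream() {
    [ "$(upstream_of "$1")" = "$2" ]
}

# Print every executable called $1 found in $PATH, in lookup order.
# The first line printed is the copy the shell runs.
copies_on_path() {
    old_ifs=$IFS; IFS=:
    for d in $PATH; do
        if [ -n "$d" ] && [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
        fi
    done
    IFS=$old_ifs
}

# Report which copy of command $1 runs and how it relates to package $2.
check_cmd() {
    first=$(copies_on_path "$1" | head -n 1)
    copies_on_path "$1" | sed 's/^/found on PATH: /'
    [ -n "$first" ] || { echo "$1: not found on PATH"; return 0; }
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg not available"; return 0; }
    pkg_ver=$(dpkg-query -W -f='${Version}' "$2" 2>/dev/null) || pkg_ver=unknown
    echo "package $2: $pkg_ver (upstream $(upstream_of "$pkg_ver"))"
    # A copy outside the package (for example a local build) is owned by no package.
    dpkg -S "$first" 2>/dev/null || echo "$first: not owned by any package"
    # Lists packaged files whose contents differ from what dpkg installed.
    dpkg --verify "$2" || true
}

# Usage: sh check.sh sudo sudo   (command name, then package name)
if [ "$#" -ge 2 ]; then check_cmd "$1" "$2"; fi
```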

1 Answer

-1

If you are dead set on updating to newer OpenSSH to fix this, then you need to manually compile OpenSSH and install it on those affected systems. This will not be trivial and is not easily documented here.

As for installing the latest packages, some apps on Flatpak are community maintained or maintained by the devs themselves; for example, Discord is maintained by Discord themselves and it's the same version as the deb they provide.

As for whether you can trust Flatpak: installing apps via Flatpak is about as safe as the apps in your distro's repos, meaning if you use apt it will be the same as the Flatpak version. If you don't want to use Flatpak you can use PPAs; they offer the same as Flatpak, meaning that it's the newest package instead of being a "stable" version like the one you find in your native package repo.

If you want a distro that has up-to-date packages you should think about rolling release distros. Rolling release distros are distros where, as soon as an update is available for a package, it's available for you and it's in the native repos. Some of the most common distros that offer that are Arch (based), openSUSE, and Debian Unstable (also known by its codename "Sid"). If you want something familiar since you are using Ubuntu, I would recommend Debian Unstable, as it has the same architecture as Ubuntu, both being based on Debian and using apt, so you can easily migrate to Debian Unstable. If you are feeling adventurous, you could go to Arch and try it to get to know Arch and its packages.

2
  • I'm using Ubuntu development currently... and many packages here are newer than what my Debian sid/testing box has!... and that is not uncommon (though in most cases they're pretty equivalent except if one system is in freeze thus falls behind). Debian releases only every second year thus many packagers tend to only update as a release approaches, exceptions are often Ubuntu devs pushing what they want in Ubuntu upstream to keep the delta or diffs (with upstream) small as is an aim of Ubuntu devs; but this doesn't happen with all... And why push Debian sid on an Ubuntu site?
    – guiverc
    Commented Apr 18 at 0:41
  • If not obvious, Ubuntu with only six months between releases (April & October each year) being the reason why packages get updated more frequently than upstream Debian which releases every second year
    – guiverc
    Commented Apr 18 at 0:47
