Ubuntu VM with Docker is causing Advisor to report critical security vulnerabilities

[alecvn]

Simple deployment of an Ubuntu VM with Docker

Issue Details

The template is causing Advisor to report over 30 critical vulnerabilities, mostly surrounding certificates. My assumption is that this image should come with all the required certificates configured, and when ssh'ing into the VM and looking around I can see many, many certificates are installed, so at this point I'm unsure whether:

• I need to implement certificates that the template doesn't provide
• Advisor is incorrect
• The certificates that come with the template aren't configured correctly

Some clarity here would be greatly appreciated. Screenshot with some of the vulnerabilities is attached.

[asears]

Which version did you install? In any case, the template seems to have an older version of the images, oldest should probably be removed and 20.04 added? The description that these are fully patched seems misleading...

"20_04-lts"
"20_04-lts-gen2"
"18.04-lts"
"18_04-lts-gen2"
"16.04-lts"
"16_04-lts-gen2"

There's more detail here about the images and versions: https://discourse.ubuntu.com/t/find-ubuntu-images-on-microsoft-azure/18918 https://az-vm-image.info/?cmd=--all+--publisher+canonical

And a pro offering from Canonical for additional security and livepatch. https://ubuntu.com/azure/pro

[alecvn]

The latest version available when deploying this through the UI is 18.04, which is what I selected. After inspecting the issues further, I'm getting more convinced that Advisor is just flagging some, if not all, of these incorrectly.

It would be great if someone from the team could confirm this.