Fully patched Ubuntu servers reporting findings but package version names are slightly off

I just performed my first authenticated scan against a fully patched 22.04 version of Ubuntu and it’s reporting 15 findings, ranging from criticals to mediums, but in investigating, it seems that it’s just that the package version naming is slightly different from what it’s expecting. For example:

Summary

The remote host is missing an update for the ‘imagemagick’ package(s) announced via the USN-8021-1 advisory.

Detection Result

Vulnerable package:   imagemagick-6.q16
Installed version:    imagemagick-6.q16-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
Fixed version:      >=imagemagick-6.q16-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm7

Vulnerable package:   libmagickcore-6.q16-6
Installed version:    libmagickcore-6.q16-6-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
Fixed version:      >=libmagickcore-6.q16-6-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm7

Vulnerable package:   libmagickcore-6.q16-6-extra
Installed version:    libmagickcore-6.q16-6-extra-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
Fixed version:      >=libmagickcore-6.q16-6-extra-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm7

Vulnerable package:   libmagickwand-6.q16-6
Installed version:    libmagickwand-6.q16-6-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
Fixed version:      >=libmagickwand-6.q16-6-8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm7

You can see the only difference is the appended "+esm7", which seems to be the Ubuntu Pro version of the package (ESM = Extended Security Maintenance). Not sure why it's looking for that specifically, but I'm sure there are more non-Ubuntu Pro servers out there than Pro.

Is there a way to fix this?

Thanks!

Is there a way to fix this?

The fix would be either:

  1. Upgrade to Ubuntu Pro subscription to receive the relevant fixes via the ESM program
  2. Upgrade to a newer Ubuntu release (e.g. 26.04 LTS) which receives relevant fixes / is not affected without having an Ubuntu Pro subscription
  3. Accept the risk of having unpatched packages with security risks on the system and create overrides (See OPENVAS SCAN manual) accordingly

Notes:

1 Like

Thank you very much for your reply! I did update to 26.04 and re-scanned and that resolved the findings. Thank you again – I really appreciate your help!

2 Likes