Ubuntu Extended Security Maintenance

Extended Security Maintenance (ESM) ensures the ongoing security and integrity of Ubuntu Long-term support (LTS) systems through Ubuntu Advantage for Infrastructure.

Buy Ubuntu Advantage

Learn more about Ubuntu Advantage ›

Security and compliance

Aligning to organisational needs to build upon rapid release cycles, ESM ensures systems and the Linux kernel remain patched against security vulnerabilities through Ubuntu Advantage.

Canonical’s Ubuntu security team provide fixes on high and critical CVEs (common vulnerabilities and exposures) for the most commonly used server packages in the Ubuntu main archive. ESM provides the essential continuation of the security updates for 12.04 LTS (Precise Pangolin) and 14.04 LTS (Trusty Tahr) that Ubuntu users have always received via a secure, private archive.

Learn how ITstrategen keeps legacy applications secure with ESM ›

Any questions?

Call us +1 737 204 0291 (Americas), +44 203 656 5291 (RoW) or

contact us online

Getting started with total estate coverage

Buy direct from the store

Users interested in Ubuntu ESM updates can purchase Ubuntu Advantage from our online store.

Purchase at buy.ubuntu.com

Buy from the AWS Marketplace

For Amazon AWS users, you can purchase Ubuntu Advantage through the AWS Marketplace.

Purchase Standard or Advanced

For existing subscribers

If you’re already a qualifying Ubuntu Advantage customer, you can request your credentials.

Ask on support.canonical.com

Frequently asked questions (FAQ)

If you have any more questions, feel free to get in touch.

What CVEs (Common Vulnerabilities and Exposures) will receive patches?

Ubuntu ESM is focused on fixing high and critical CVEs. Low and medium updates typically have a mitigation path.

Which hardware platforms are supported under Ubuntu ESM?

Currently, we are maintaining the Ubuntu Cloud/Server 64-bit AMD/Intel binaries. We will extend support for other platforms in future updates.

Do all levels of Ubuntu Advantage for Infrastructure have access to Ubuntu ESM?

Yes. Ubuntu ESM is available for UA-I Essential, Standard and Advanced customers. For more information on levels please visit our pricing page. Existing UA customers can request their credentials through the Canonical support portal.

How can we ensure the security of our Ubuntu systems after the end of Standard Security Maintenance?

Sign up to Ubuntu Advantage now, and you will benefit from UA services immediately without having a gap in service when a particular release reaches the end of its Standard Security Maintenance window. For more details of initial release dates and maintenance cadence, see wiki.ubuntu.com/Releases. Ubuntu Advantage is available at buy.ubuntu.com and through the AWS Marketplace.

How long will Ubuntu ESM be maintained?

This depends on the release. Ubuntu 14.04 (Trusty Tahr) and 16.04 (Xenial Xerus) will have updates provided for up to three years after the end of the Standard Security Maintenance window. Ubuntu 18.04 (Bionic Beaver) and subsequent releases until further announcement will have ESM updates provided for up to five years.

Is it possible to purchase Ubuntu ESM months down the road when needed, with or without backdating the cost, or does it need to be in place in advance?

You can purchase Ubuntu Advantage support at any time. It does not need to be in place in advance, although we strongly recommend you eliminate the gap between when Ubuntu ESM is enabled on your system(s), to avoid exposing your systems to security vulnerabilities. Ubuntu Advantage is priced year-over-year so there is no backdating.

We're mirroring the repository on our internal Landscape server. Can we still get Ubuntu ESM if using Landscape?

ESM is just a regular Ubuntu archive, but authenticated and served over HTTPS. Archive mirroring is already available in Landscape and is the only supported mechanism for mirroring the ESM archive.

Will Ubuntu ESM include patching my-favourite-package?

Canonical’s Ubuntu Security Team are committed to providing fixes for high and critical CVEs against the most commonly used server packages in the Ubuntu Main archive. This is essentially a continuation of the same security updates that Ubuntu LTS Server users have always received.

Will source code for Ubuntu ESM patches be made available? If so, will that be publicly available on Launchpad or only through Ubuntu ESM?

Both the binary updates and source code will be available to Ubuntu ESM users. We will honour any and all licenses associated with the open source code in Ubuntu.

Get ESM for Ubuntu

If you would like to discuss ESM for Ubuntu please get in touch.

Or visit the Ubuntu Advantage store