Security and compliance
Aligning to organisational needs to build upon rapid release cycles, ESM ensures systems and the Linux kernel remain patched against security vulnerabilities through Ubuntu Advantage.
Canonical’s Ubuntu security team provide fixes on high and critical CVEs (common vulnerabilities and exposures) for the most commonly used server packages in the Ubuntu main archive. ESM provides the essential continuation of the security updates for 12.04 LTS (Precise Pangolin) and 14.04 LTS (Trusty Tahr) that Ubuntu users have always received via a secure, private archive.
How to enable ESM on your system
To enable ESM on your Ubuntu LTS systems, you will need a token which is issued when you purchase ESM coverage. Once you have the token, follow this guide.
From the command line type the following commands and follow the step-by-step instructions:
ESM patches will now be offered as part of the standard APT upgrade procedure.
Getting started with total estate coverage
Buy direct from the store
Users interested in Ubuntu ESM updates can purchase Ubuntu Advantage from our online store.
Buy from the AWS Marketplace
For Amazon AWS users, you can purchase Ubuntu Advantage through the AWS Marketplace.
For existing subscribers
If you’re already a qualifying Ubuntu Advantage customer, you can request your credentials.
Ask on support.canonical.com
What CVEs (Common Vulnerabilities and Exposures) will receive patches?
Ubuntu ESM is focused on fixing high and critical CVEs. Low and medium updates typically have a mitigation path.
Which hardware platforms are supported under Ubuntu ESM?
Currently, we are maintaining the Ubuntu Cloud/Server 64-bit AMD/Intel binaries. We will extend support for other platforms in future updates.
Do all levels of Ubuntu Advantage for Infrastructure have access to Ubuntu ESM?
Yes. Ubuntu ESM is available for UA-I Essential, Standard and Advanced customers. For more information on levels please visit our pricing page. Existing UA customers can request their credentials through the Canonical support portal.
How can we ensure the security of our Ubuntu systems after the end of Standard Security Maintenance?
Sign up to Ubuntu Advantage now, and you will benefit from UA services immediately without having a gap in service when a particular release reaches the end of its Standard Security Maintenance window. For more details of initial release dates and maintenance cadence, see wiki.ubuntu.com/Releases. Ubuntu Advantage is available at buy.ubuntu.com and through the AWS Marketplace.
How long will Ubuntu ESM be maintained?
This depends on the release. Ubuntu 14.04 (Trusty Tahr) and 16.04 (Xenial Xerus) will have updates provided for up to three years after the end of the Standard Security Maintenance window. Ubuntu 18.04 (Bionic Beaver) and subsequent releases until further announcement will have ESM updates provided for up to five years.
Is it possible to purchase Ubuntu ESM months down the road when needed, with or without backdating the cost, or does it need to be in place in advance?
You can purchase Ubuntu Advantage support at any time. It does not need to be in place in advance, although we strongly recommend you eliminate the gap between when Ubuntu ESM is enabled on your system(s), to avoid exposing your systems to security vulnerabilities. Ubuntu Advantage is priced year-over-year so there is no backdating.
We're mirroring the repository on our internal Landscape server. Can we still get Ubuntu ESM if using Landscape?
ESM is just a regular Ubuntu archive, but authenticated and served over HTTPS. Archive mirroring is already available in Landscape and is the only supported mechanism for mirroring the ESM archive.
Will Ubuntu ESM include patching my-favourite-package?
Canonical’s Ubuntu Security Team are committed to providing fixes for high and critical CVEs against the most commonly used server packages in the Ubuntu Main archive. This is essentially a continuation of the same security updates that Ubuntu LTS Server users have always received.
Will source code for Ubuntu ESM patches be made available? If so, will that be publicly available on Launchpad or only through Ubuntu ESM?
Both the binary updates and source code will be available to Ubuntu ESM users. We will honour any and all licenses associated with the open source code in Ubuntu.