Ubuntu Extended Security Maintenance

Extended Security Maintenance (ESM) ensures the ongoing security and integrity of Ubuntu Long-term support (LTS) systems through Ubuntu Advantage for Infrastructure.

Buy Ubuntu Advantage

Learn more about Ubuntu Advantage ›

Benefits of ESM

Aligning to organisational needs to build upon rapid release cycles, ESM ensures systems and the Linux kernel remain patched against security vulnerabilities through Ubuntu Advantage.

Canonical’s Ubuntu security team provide fixes on high and critical CVEs (common vulnerabilities and exposures) for the most commonly used server packages in the Ubuntu main archive. ESM provides the essential continuation of the security updates for 12.04 LTS (Precise Pangolin) and 14.04 LTS (Trusty Tahr) that Ubuntu users have always received via a secure, private archive.

Learn how ITstrategen keeps legacy applications secure with ESM ›

Get ESM with Ubuntu Advantage

Buy direct from the store

Users interested in Ubuntu ESM updates can purchase Ubuntu Advantage from our online store.

Purchase at buy.ubuntu.com

Buy from the AWS Marketplace

For Amazon AWS users, you can purchase Ubuntu Advantage through the AWS Marketplace.

Purchase Standard or Advanced

For existing subscribers

If you’re already a qualifying Ubuntu Advantage customer, you can request your credentials.

Ask on support.canonical.com

Any questions?

Call us +1 737 204 0291 (Americas), +44 203 656 5291 (RoW) or

contact us online

How to enable ESM on your system

To enable ESM on your Ubuntu LTS systems, from the command line type the following commands and follow the step-by-step instructions:

Frequently asked questions (FAQ)

Following the end-of-life of Ubuntu LTS releases, Canonical offers Ubuntu ESM (Extended Security Maintenance), which provides important security fixes for the kernel and the most essential userspace packages. Below are several frequently asked questions about what happens when the Ubuntu LTS period ends.

If you have any more questions we encourage customers to reach out via Twitter @ubuntu.

What CVEs (Common Vulnerabilities and Exposures) will receive patches?

Ubuntu ESM is focused on fixing high and critical CVEs. Low and medium updates typically have a mitigation path.

Which hardware platforms are supported under Ubuntu ESM?

Currently, we are maintaining the Ubuntu Cloud/Server 64-bit AMD/Intel binaries. We will extend support for other platforms in future updates.

Do all levels of Ubuntu Advantage have access to Ubuntu ESM?

Yes. Ubuntu ESM is available for UA Virtual Guest, UA Standard and UA Advanced customers. For more information on levels please visit buy.ubuntu.com. If you are a qualifying UA customer, you can request your credentials and have your system ready to receive updates without downtime or gaps.

How can we ensure the security of our Ubuntu systems after release end of life?

Sign up to Ubuntu Advantage now, and you will benefit from UA services immediately without having a gap in service when a particular release reaches end-of-life. For more details of initial release dates (and hence release end-of-life dates, see wiki.ubuntu.com/Releases). Ubuntu Advantage is available at buy.ubuntu.com, and or for AWS users, you can purchase Ubuntu Advantage Standard or Advanced through the AWS Marketplace.

How long will Ubuntu ESM be maintained?

This depends on the release. Ubuntu 14.04 (Trusty Tahr) and 16.04 (Xenial Xerus) will have updates provided for up to three years from the release end-of-life date. Ubuntu 18.04 (Bionic Beaver) and subsequent releases until further announcement will have updates provided for up to five years from the release end-of-life date.

Is it possible to purchase Ubuntu ESM months down the road when needed, with or without backdating the cost, or does it need to be in place in advance?

You can purchase Ubuntu Advantage support at any time. It does not need to be in place in advance, although we strongly recommend you eliminate the gap between when Ubuntu ESM is enabled on your system(s), to avoid exposing your systems to security vulnerabilities. Ubuntu Advantage is priced year-over-year so there is no backdating.

We're mirroring the repository on our internal Landscape Server. Is there a guide on how to get Ubuntu ESM if using Landscape?

ESM is just a regular Ubuntu archive, but authenticated and served over HTTPS. Archive mirroring is already available in Landscape, and is the only supported mechanism for mirroring the ESM archive.

What will the LTS support situation look like during ESM? Will we be able to raise functionality tickets with Canonical or are you ending actual support and providing only security patches?

The support window for Ubuntu 12.04 closes on April 28, 2017. The support team will not be able to fix bugs or build fixed packages once the 12.04 LTS archive is closed.

Will Ubuntu ESM include patching my-favourite-package (e.g. PHP5.3)?

Canonical's Ubuntu Security Team are committed to providing fixes for HIGH and CRITICAL CVEs against the most commonly used server packages in the Ubuntu Main archive. This is essentially a continuation of the same security updates that Ubuntu 12.04 Server users have always received.

Will source code for Ubuntu ESM patches be made available? If so, will that be publicly available on Launchpad or only through Ubuntu ESM?

Both the binary updates and source code will be available to Ubuntu ESM users. We will honour any and all licenses associated with the open source code in Ubuntu.

Get ESM for Ubuntu

If you would like to discuss ESM for Ubuntu please get in touch.

Or visit the Ubuntu Advantage store