Ubuntu 14.04 LTS ‘Trusty Tahr’ transitioned into the ESM support phase at the end of April 2019, and will no longer be supported for users who do not have access to Extended Security Maintenance (ESM) through Ubuntu Advantage for Infrastructure.
Ubuntu long term support (LTS) releases provide a stable, supported platform for development and production, with five years of guaranteed public maintenance available. Once the public Standard Security Maintenance window comes to a close, Ubuntu LTS releases have an additional three to five years of support (depending upon the release) through ESM.
Access to ESM extends LTS release coverage, allowing for continued security fixes for high and critical common vulnerabilities and exposures (CVEs) for the most commonly used packages in the Ubuntu main archive. This access permits organisations with workloads running on Ubuntu LTS releases to maintain compliance standards by providing a secure environment before upgrading can occur.
For users who need access to ESM, or have questions about this service, please refer to the below FAQs. Do not hesitate to get in touch with our team to discuss any additional questions on ESM for Ubuntu 14.04.
If you are a UA Infrastructure customer and need access to the ESM repository, credentials can be found by clicking ‘My Account’ in the profile section of Canonical’s support portal.
If you are not a UA Infrastructure customer and need access to ESM, please get in touch with our team to learn more and enable ESM for your Ubuntu 14.04 systems.
If you are in a heavily-regulated industry where continued security certifications or the compliance of infrastructure systems is critical to meet regulatory requirements, it is recommended to utilise ESM to maintain the integrity and stability of those systems.
PCI DSS, SOC 2 and GDPR are three examples of certifications and regulations that mandate security patching across several industry sectors.
Additional reasons and industry requirements for ESM include the below:
In the five years that Trusty Tahr has been released, more than 1,300 Ubuntu Security Notices (USNs) have been issued, with a single USN potentially addressing multiple CVEs. Going forward, USNs will continue to be addressed for UA Infrastructure customers through ESM.
It is recommended for all users to upgrade to the latest LTS release, Ubuntu 18.04. This release has significantly faster boot times, is built on the 4.15 kernel, was designed for CI/CD with Kubernetes support built in, has mitigations for Spectre and Meltdown and is tuned for machine learning.
There are three easy ways to upgrade your systems –
$ sudo do-release-upgrade
$ sudo apt-get dist-upgrade
For those utilising 14.04 who cannot upgrade, or who are planning to upgrade in the near future, it is recommended to subscribe to ESM through UA Infrastructure for continued access to security patches.
Security vulnerabilities that remain unpatched open your infrastructure systems to hackers and the potential of a major breach. Furthermore, security patches are often necessary to meet regulatory requirements commonly found in the finance, healthcare, e-commerce and telco industries.
Subscribing to ESM helps you mitigate the risks, operational costs and potential fines that come from unidentified and unpatched vulnerabilities.
Ubuntu 14.04 LTS ‘Trusty Tahr’ will be supported until April 2022 through UA Infrastructure’s ESM service.
Extended Security Maintenance (ESM) for Ubuntu 14.04 Trusty Tahr includes security patches for high and critical vulnerabilities for an additional three years of coverage and is available through an Ubuntu Advantage for Infrastructure subscription. For more information, please visit ubuntu.com/esm and reach out with any questions.
Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.
Microarchitectural Data Sampling (MDS) describes a group of vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) in various Intel microprocessors, which allow a malicious process to read various information…
29th April, 2019: Canonical today announced Ubuntu Advantage for Infrastructure, a consolidated enterprise security, compliance and support offering that covers the full range of open source infrastructure capabilities for up to 10 years.…
Cyber attacks are becoming more sophisticated, attack frequency is on the rise, and the cost of cybercrime damage is projected to reach $6 trillion annually by 2021. Traditional defensive measures such as firewalls and intrusion…