14.04
|
Size: 15696
Comment: initial public draft
|
← Revision 16 as of 2021-09-28 09:02:48 ⇥
Size: 16249
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| #acl ubuntu-security:read,write,delete,revert All:read | |
| Line 5: | Line 6: |
| '''THIS IS A DRAFT''' '''THIS IS A DRAFT''' '''THIS IS A DRAFT''' '''THIS IS A DRAFT''' |
|
| Line 14: | Line 9: |
| Canonical is providing Extended Security Maintenance (ESM) for the popular Ubuntu 14.04 LTS server release. The support lifesycle of ESM is tracked on the [[Releases#Extended_Security_Maintenance|Releases]] page. = What's covered? = During the official lifetime of an Ubuntu release, Canonical provides security maintenance to binary packages that reside in the main and restricted components of the Ubuntu archive. This [[https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support|FAQ entry]] contains more information. During the Extended Security Maintenance phase of the Ubuntu 14.04 LTS release, Canonical will provide security maintenance to a wide range of binary packages that are commonly used in cloud and server workloads. Extended Security Maintenance is included for 64-bit x86 AMD/Intel installations. See the [[https://www.ubuntu.com/legal/ubuntu-advantage/service-description#ua-esm|service description]] for additional details. |
Canonical provides Extended Security Maintenance (ESM) for Ubuntu 14.04 LTS. The support lifecycle of ESM is tracked on the [[Releases#Extended_Security_Maintenance|Releases]] page. = What's covered with ESM? = During the lifetime of an Ubuntu release, Canonical provides security maintenance. Basic Security Maintenance covers binary packages that reside in the 'main' and 'restricted' components of the Ubuntu archive, typically for a period of 5 years from LTS release. This [[https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support|FAQ entry]] contains more information. For Ubuntu 14.04 LTS, Canonical will provide security maintenance to a wide range of binary packages that are commonly used in cloud and server workloads on 64-bit x86 AMD/Intel architectures. See the [[https://www.ubuntu.com/legal/ubuntu-advantage/service-description#ua-esm|service description]] for additional details. |
| Line 22: | Line 18: |
| The GA (3.13) and HWE kernel (4.4) are both supported. | The 14.04 GA kernel (Linux 3.13) and HWE kernel (Linux 4.4) are both supported. |
| Line 25: | Line 21: |
| The following server packages were in main and used enough to be included on the Ubuntu 14.04 LTS installation media but we are not extending ESM to them or their dependencies:. | The following server packages were in 'main' and included on the Ubuntu 14.04 LTS installation media but we are not extending ESM to them or their dependencies: * MAAS * OpenJDK * Open``Stack * Quagga software router * CUPS printing stack * Xen hypervisor * Various desktop related packages (alsa, bluez, cairo, poppler, pulseaudio, xorg) * Various packages related to snapd and working with snap packages (not included on installation media). snapd itself is supported to the extent of ensuring livepatch remains functional with CVE fixes only for the code representing the operational aspects of livepatch functionality. |
| Line 29: | Line 36: |
| == Maintained Packages == Canonical will provide security maintenance to the binary packages that reside in main originating from the list of source packages below. |
== 14.04 Infrastructure ESM Packages == Canonical will provide infrastructure extended security maintenance to the binary packages that reside in main originating from the list of source packages below. |
| Line 40: | Line 48: |
| || amd64-microcode || | |
| Line 162: | Line 171: |
| || exim4 || | |
| Line 215: | Line 225: |
| || intel-microcode || | |
| Line 460: | Line 471: |
| || linux-aws || || linux-azure || |
|
| Line 463: | Line 476: |
| || linux-meta-aws || || linux-azure-aws || |
|
| Line 464: | Line 479: |
| || linux-signed-azure || | |
| Line 505: | Line 521: |
| || mutt || | |
| Line 517: | Line 532: |
| || nginx || | |
| Line 555: | Line 569: |
| || pcsc-lite || | |
| Line 714: | Line 727: |
| || tokyocabinet || |
Ubuntu 14.04 Extended Security Maintenance
Canonical provides Extended Security Maintenance (ESM) for Ubuntu 14.04 LTS. The support lifecycle of ESM is tracked on the Releases page.
What's covered with ESM?
During the lifetime of an Ubuntu release, Canonical provides security maintenance. Basic Security Maintenance covers binary packages that reside in the 'main' and 'restricted' components of the Ubuntu archive, typically for a period of 5 years from LTS release. This FAQ entry contains more information.
For Ubuntu 14.04 LTS, Canonical will provide security maintenance to a wide range of binary packages that are commonly used in cloud and server workloads on 64-bit x86 AMD/Intel architectures. See the service description for additional details.
Included Kernels
The 14.04 GA kernel (Linux 3.13) and HWE kernel (Linux 4.4) are both supported.
Exclusions
The following server packages were in 'main' and included on the Ubuntu 14.04 LTS installation media but we are not extending ESM to them or their dependencies:
- MAAS
- OpenJDK
OpenStack
- Quagga software router
- CUPS printing stack
- Xen hypervisor
- Various desktop related packages (alsa, bluez, cairo, poppler, pulseaudio, xorg)
- Various packages related to snapd and working with snap packages (not included on installation media). snapd itself is supported to the extent of ensuring livepatch remains functional with CVE fixes only for the code representing the operational aspects of livepatch functionality.
Important: This is not an exhaustive list of exclusions. Please refer to the following section to see the list of packages that are maintained.
14.04 Infrastructure ESM Packages
Canonical will provide infrastructure extended security maintenance to the binary packages that reside in main originating from the list of source packages below.
accountsservice |
acct |
acl |
acpid |
adduser |
aide |
alsa-lib |
amavisd-new |
amd64-microcode |
anacron |
apache2 |
apparmor |
apport |
apport-symptoms |
apr |
apr-util |
apt |
apt-clone |
aptitude |
apt-xapian-index |
aspell |
aspell-en |
at |
attr |
audit |
augeas |
authbind |
autofs |
autogen |
avahi |
base-files |
base-passwd |
bash |
bash-completion |
billiard |
bind9 |
binutils |
biosdevname |
blas |
bogl |
boost1.54 |
bridge-utils |
brltty |
bsd-mailx |
bsdmainutils |
btrfs-tools |
build-essential |
busybox |
byobu |
bzip2 |
bzr |
ca-certificates |
ca-certificates-java |
casper |
cdebconf |
celery |
ceph |
cgmanager |
cgroup-lite |
chardet |
chardet-whl |
checkbox-support |
checksecurity |
chkrootkit |
cifs-utils |
clamav |
cloog |
cluster-glue |
command-not-found |
commons-pool |
configobj |
consolekit |
console-setup |
convoy |
coreutils |
cpio |
cpu-checker |
cracklib2 |
crmsh |
crochet |
cron |
cryptsetup |
curl |
curtin |
cwidget |
cyrus-sasl2 |
dash |
db5.3 |
dbconfig-common |
db-defaults |
dbus |
dbus-glib |
dbus-python |
d-conf |
dctrl-tools |
debconf |
debhelper |
debian-goodies |
debianutils |
device-tree-compiler |
devscripts |
dh-python |
dictionaries-common |
diffstat |
diffutils |
distro-info |
distro-info-data |
djorm-ext-pgarray |
dmidecode |
dmraid |
dnsmasq |
dnspython |
dnstracer |
dosfstools |
dovecot |
dpkg |
dpkg-repack |
dput |
drbd8 |
e2fsprogs |
ebtables |
ecj |
ecryptfs-utils |
ed |
efibootmgr |
efivar |
egenix-mx-base |
eglibc |
eject |
elfutils |
ethtool |
exim4 |
expat |
fakeroot |
file |
findutils |
flac |
fontconfig |
fonts-dejavu |
foomatic-db |
freeipmi |
freetype |
fribidi |
friendly-recovery |
fuse |
gawk |
gcc-4.8 |
gcc-defaults |
gccgo-4.9 |
gcr |
gdbm |
gdisk |
geoip |
geoip-database |
geronimo-jta-1.1-spec |
gettext |
glib2.0 |
gmp |
gnupg |
gnutls26 |
gobject-introspection |
gpgme1.0 |
grep |
gpm |
graphite2 |
grep |
groff |
grub2 |
grub2-signed |
grub-gfxpayload-lists |
gsfonts |
gzip |
hardening-wrapper |
harfbuzz |
hdparm |
heimdal |
hostname |
hw-detect |
icu |
ifenslave |
ifupdown |
initramfs-tools |
init-system-helpers |
insserv |
installation-report |
intel-microcode |
intltool-debian |
io-stringy |
iproute2 |
iptables |
iptraf |
iputils |
ipvsadm |
ipxe |
irqbalance |
isc-dhcp |
isl |
iso-codes |
iw |
jakarta-taglibs-standard |
jbig2dec |
jbigkit |
jfsutils |
jinja2 |
jquery |
json-c |
kbd |
keepalived |
kerberos-configs |
kerneloops |
keyutils |
klibc |
kmod |
kombu |
krb5 |
landscape-client |
langpack-locales |
language-selector |
laptop-detect |
lazr.restfulclient |
lazr.uri |
lcms2 |
ldap-auth-client |
ldb |
less |
lftp |
libaio |
libalgorithm-diff-perl |
libalgorithm-diff-xs-perl |
libalgorithm-merge-perl |
libapache2-mod-auth-pgsql |
libapache2-mod-auth-plain |
libapache2-mod-perl2 |
libapache2-mod-python |
libapache2-reload-perl |
libapt-pkg-perl |
libarchive |
libarchive-extract-perl |
libarchive-zip-perl |
libassuan |
libasyncns |
libatasmart |
libauthen-sasl-perl |
libautodie-perl |
libberkeleydb-perl |
libbsd |
libbsd-resource-perl |
libcaca |
libcap2 |
libcap-ng |
libclass-accessor-perl |
libclone-perl |
libcommons-collections3-java |
libcommons-dbcp-java |
libcommon-sense-perl |
libconfig-general-perl |
libconvert-binhex-perl |
libconvert-tnef-perl |
libconvert-uulib-perl |
libcroco |
libcrypt-openssl-bignum-perl |
libcrypt-openssl-rsa-perl |
libcrypt-passwdmd5-perl |
libdaemon |
libdate-manip-perl |
libdatrie |
libdbd-mysql-perl |
libdbi |
libdbi-perl |
libdebian-installer |
libdevel-symdump-perl |
libdigest-hmac-perl |
libdrm |
libdumbnet |
libecap |
libedit |
libemail-valid-perl |
libencode-locale-perl |
libept |
liberror-perl |
libesmtp |
libestr |
libevent |
libexif |
libexporter-lite-perl |
libffi |
libfile-basedir-perl |
libfile-copy-recursive-perl |
libfile-fcntllock-perl |
libfile-listing-perl |
libfont-afm-perl |
libfontenc |
libgc |
libgcrypt11 |
libgd2 |
libgpg-error |
libgphoto2 |
libgssglue |
libgusb |
libhtml-format-perl |
libhtml-form-perl |
libhtml-parser-perl |
libhtml-tagset-perl |
libhtml-template-perl |
libhtml-tree-perl |
libhttp-cookies-perl |
libhttp-daemon-perl |
libhttp-date-perl |
libhttp-message-perl |
libhttp-negotiate-perl |
libhx |
libibverbs |
libidn |
libieee1284 |
libio-html-perl |
libio-multiplex-perl |
libio-pty-perl |
libio-socket-inet6-perl |
libio-socket-ssl-perl |
libio-string-perl |
libipc-run-perl |
libipc-system-simple-perl |
libjaxp1.3-java |
libjpeg8-empty |
libjpeg-turbo |
libjson-perl |
libjson-xs-perl |
liblinear |
liblist-moreutils-perl |
liblocale-gettext-perl |
liblockfile |
liblog-log4perl-perl |
liblog-message-simple-perl |
liblwp-mediatypes-perl |
liblwp-protocol-https-perl |
libmail-dkim-perl |
libmail-sendmail-perl |
libmailtools-perl |
libmime-tools-perl |
libmnl |
libmodule-pluggable-perl |
libnet |
libnetaddr-ip-perl |
libnet-cidr-perl |
libnet-dns-perl |
libnet-domain-tld-perl |
libnetfilter-conntrack |
libnet-http-perl |
libnet-ip-perl |
libnet-server-perl |
libnet-smtp-ssl-perl |
libnet-snmp-perl |
libnet-ssleay-perl |
libnfnetlink |
libnfsidmap |
libnih |
libnl3 |
libnss-ldap |
libp11 |
libpam-krb5 |
libpam-ldap |
libpam-mount |
libpam-radius-auth |
libpaper |
libparse-debcontrol-perl |
libparse-debianchangelog-perl |
libpcap |
libpciaccess |
libperlio-gzip-perl |
libpipeline |
libpng |
libpod-latex-perl |
libqb |
librabbitmq |
librdmacm |
libsamplerate |
libsdl1.2 |
libseccomp |
libselinux |
libsemanage |
libsepol |
libsigc++-2.0 |
libsigsegv |
libsndfile |
libsocket6-perl |
libsub-identify-perl |
libsub-name-perl |
libsys-hostname-long-perl |
libtasn1-6 |
libterm-readkey-perl |
libterm-ui-perl |
libtext-charwidth-perl |
libtext-iconv-perl |
libtext-levenshtein-perl |
libtext-soundex-perl |
libtext-wrapi18n-perl |
libthai |
libtie-ixhash-perl |
libtimedate-perl |
libtirpc |
libtool |
libunistring |
libunix-syslog-perl |
liburi-perl |
libusb |
libusbx |
libvirt |
libvirt-python |
libvpx |
libwebp |
libwww-perl |
libwww-robotrules-perl |
libx11 |
libx86 |
libxalan2-java |
libxau |
libxcb |
libxdmcp |
libxerces2-java |
libxext |
libxfont |
libxml2 |
libxml-commons-resolver1.1-java |
libxmu |
libxpm |
libxrender |
libxslt |
libyaml |
lintian |
linux |
linux-atm |
linux-aws |
linux-azure |
linux-firmware |
linux-lts-xenial |
linux-meta |
linux-meta-aws |
linux-azure-aws |
linux-meta-lts-xenial |
linux-signed-azure |
linux-signed-lts-xenial |
lksctp-tools |
lm-sensors |
logrotate |
lockfile-progs |
logrotate |
logwatch |
lsb |
lshw |
lsof |
lsscsi |
ltrace |
lua5.2 |
lupin |
lvm2 |
lxml |
lzo2 |
m4 |
mail-spf-perl |
makedev |
make-dfsg |
man-db |
manpages |
markupsafe |
mawk |
mdadm |
memtest86+ |
mime-support |
mlocate |
mod-auth-mysql |
mod-wsgi |
mokutil |
mountall |
mouseemu |
mpclib3 |
mpdecimal |
mpfr4 |
msr-tools |
mtr |
multipath-tools |
munin |
mysql-5.5 |
nano |
nbd |
ncurses |
netbase |
netcat-openbsd |
netcf |
netifaces |
netkit-ftp |
netkit-telnet |
net-snmp |
nettle |
net-tools |
newt |
nfs-utils |
nginx |
nmap |
nspr |
nss |
nss-mdns |
ntfs-3g |
ntp |
numactl |
nut |
ocfs2-tools |
openbsd-inetd |
openhpi |
openipmi |
open-iscsi |
openldap |
openslp-dfsg |
openssh |
openssl |
open-vm-tools |
openvpn |
os-prober |
ossp-uuid |
p11-kit |
pam |
pam-p11 |
paramiko |
parted |
paste |
patch |
patchutils |
pax |
pciutils |
pcre3 |
perl |
pexpect |
php5 |
php-json |
pillow |
pixman |
pkcs11-helper |
plainbox |
plymouth |
pm-utils |
po-debconf |
policykit-1 |
popt |
popularity-contest |
postfix |
postgresql-9.3 |
postgresql-common |
powermgmt-base |
powernap |
ppp |
pppconfig |
pppoeconf |
pptpd |
prettytable |
procmail |
procps |
psmisc |
psycopg2 |
pyasn1 |
pycurl |
pygments |
pygobject |
pygpgme |
pyicu |
pymongo |
pyopenssl |
pyparsing |
pyserial |
python2.7 |
python3.4 |
python3-defaults |
python3-stdlib-extensions |
python-amqp |
python-anyjson |
python-apt |
python-babel |
python-boto |
python-cl |
python-crypto |
python-dateutil |
python-debian |
python-decorator |
python-defaults |
python-django-piston |
python-django-south |
python-docutils |
python-formencode |
python-httplib2 |
python-iso8601 |
python-jsonschema |
python-keyring |
python-launchpadlib |
python-librabbitmq |
python-lockfile |
python-mailer |
python-memcache |
python-mock |
python-netaddr |
python-oauth |
python-openid |
python-pam |
python-pbr |
python-roman |
python-seamicroclient |
python-secretstorage |
python-setuptools |
python-stdlib-extensions |
python-tempita |
python-tx-tftp |
python-tz |
python-urllib3 |
python-wadllib |
pyyaml |
qemu |
quota |
radvd |
raphael |
rdate |
re2c |
readline5 |
readline6 |
recode |
reiserfsprogs |
requests |
resolvconf |
resource-agents |
rpcbind |
rpm |
rrdtool |
rsync |
rsyslog |
rtmpdump |
run-one |
samba |
sbsigntool |
scgi |
scowl |
screen |
seabios |
secureboot-db |
sed |
sensible-utils |
setserial |
sg3-utils |
sgml-base |
shadow |
shared-mime-info |
sharutils |
shim-signed |
siege |
simplejson |
simplestreams |
six |
slang2 |
smartmontools |
sosreport |
spamassassin |
sphinx |
spice |
sqlite3 |
squid-langpack |
ssh-import-id |
ssl-cert |
strace |
strongswan |
sudo |
syslinux |
sysstat |
systemd |
systemd-shim |
sysvinit |
t1utils |
talloc |
tar |
tasksel |
tcpdump |
tcp-wrappers |
tdb |
tevent |
texinfo |
tftp-hpa |
tgt |
thermald |
tidy |
tiff |
time |
tinycdb |
tmux |
tomcat7 |
twisted |
txamqp |
tzdata |
ubuntu-cloudimage-keyring |
ubuntu-drivers-common |
ubuntu-font-family-sources |
ubuntu-keyring |
ubuntu-meta |
ubuntu-release-upgrader |
ubuntu-virt |
ucf |
udisks2 |
ufw |
unattended-upgrades |
underscore |
unifont |
unixodbc |
unzip |
update-inetd |
update-manager |
update-motd |
update-notifier |
upstart |
ureadahead |
urlgrabber |
usbredir |
usbutils |
user-setup |
ustr |
util-linux |
uucp |
v4l-utils |
vbetool |
vblade |
vim |
vlan |
vsftpd |
w3m |
wakeonlan |
watershed |
wdiff |
wget |
whois |
wireless-regdb |
wireless-tools |
wpa |
xapian-bindings |
xapian-core |
xauth |
xfonts-encodings |
xfonts-utils |
xfsprogs |
xinetd |
xkeyboard-config |
x-kit |
xml-commons-external |
xml-core |
xz-utils |
yajl |
zerofree |
zip |
zlib |
zope.interface |
SecurityTeam/ESM/14.04 (last edited 2021-09-28 09:02:48 by alexmurray)