Upcoming Support for Vulnerability Detections on Ubuntu ESM
Qualys VMDR team adds support for vulnerability detection on Ubuntu Extended Security Maintenance (ESM).
Canonical provides Ubuntu ESM as part of the Ubuntu Pro subscription. It offers continuous vulnerability management and patching for all critical, high, and medium-severity vulnerabilities. The tool provides organizations more time to plan upgrades while ensuring Ubuntu LTS systems’ integrity.
There are two ways to access ESM by taking Ubuntu 16.04 as an example:
- Attach your existing Ubuntu 16.04 LTS machine via the UA client command line.
- Launch an Ubuntu PRO 16.04 image already enabled by ESM.
For those with Ubuntu 16.04 instances on AWS or Azure, ESM is baked into Ubuntu Pro and Ubuntu Pro FIPS premium images. ESM is also available for physical servers, virtual machines, containers, and desktops through an Ubuntu Advantage subscription. Personal Ubuntu users can access a UA Infrastructure Essential subscription for free on up to three machines.
Qualys will cover the advisories released by Ubuntu after July 1st, 2023. There will be no coverage for older advisories released by Ubuntu.
Qualys will start adding Vuln QIDs from the beginning of July.
HI Diksha,
But these vulnerabilities should be detected in case customer is subscribed with Ubuntu pro/Ubuntu advantage only. I can see, this is detecting for non pro customers & creating lots of conflicts. Could you please suggest any way to get rid of this detection in such cases?
Thanks
Rahul Joshi