The Wayback Machine - https://web.archive.org/web/20190808220950/https://ubuntu.com/security

Dedicated to the security of Ubuntu

Since its inception in 2004, Ubuntu has been built on a foundation of enterprise-grade, industry leading security practices. From our toolchain to the suite of packages we use and from our update process to our industry standard certifications, Canonical never stops working to keep Ubuntu at the forefront of safety and reliability.

Watch the Ubuntu security webinar

Secure out of the box

All Canonical products are built with unrivalled security in mind — and tested to ensure they deliver it. Your Ubuntu software is secure from the moment you install it, and will remain so as Canonical ensures security updates are always available on Ubuntu first.

Secure by process

Canonical’s team of security experts react fast to threats constantly reviewing and fixing vulnerabilities. They also develop security features and best practices that are rolled into all Canonical products.

Certified compliance

Canonical offers a range of tools to enable organisations to manage their desktop fleet and cloud with specific compliance requirements. A FIPS (Federal Information Processing Standard) certified version of Ubuntu is also available to comply to US government standards.

Learn more about our certifications ›

Find out more

Security notices

Security news

Security hardening features

Canonical puts security at the heart of Ubuntu

  • Fast fixes

    No system is 100% secure and vulnerabilities will always arise. What matters is the speed and success with which they are resolved — and nobody makes fixes available faster than Canonical.

  • Automatic updates

    Security updates are provided for five years for long term support (LTS) releases. With the default configuration for unattended upgrades (16.04 and after), these updates get applied to your system automatically.

  • Livepatch

    The Canonical Livepatch Service enables live automatic security fixes to the kernel without rebooting. This service reduces planned or unplanned downtime while maintaining compliance and security.

  • 5 years of support guaranteed

    A new LTS (Long Term Support) version of Ubuntu is released every two years, for desktop and server. Both versions are supported for five years.

  • Extended security

    For users of Ubuntu 14.04 LTS, Canonical offers Extended Security Maintenance (ESM) to provide ongoing kernel security fixes through a secure and private archive.

  • FIPS

    Ubuntu is certified to US government standards by FIPS (Federal Information Processing Standard) to ensure compliance and tougher security.

  • Designed to be secure

    Linux is based on Unix. It inherits Discretionary Access Control and includes Mandatory Access Control via AppArmor.

  • Protected VMs

    LXD containers, libvirt VMs and OpenStack VMs are protected by AppArmor by default. A rich set of profiles are provided so users can opt-in to protection for other applications.

  • Secure snap packages

    Software packages delivered as strict-mode snaps are fully confined using AppArmor, device cgroups, and seccomp.

Learn how ITstrategen keeps their applications secure with Ubuntu

The security of customer data is of the utmost importance to ITstrategen, which is why Ubuntu is their server operating system of choice.

Read the case study

Ubuntu is trusted by

Find out why the UK Government puts Ubuntu in first place for security

CESG, the security arm of the UK government rated Ubuntu as the most secure operating system of the 11 they tested.

For the first time, both a DISA approved STIG and a CIS Benchmark are available for Ubuntu 16.04 LTS. This is in addition to the CIS Benchmark already available for 14.04 LTS.

Read the UK Gov Report Summary case study

Learn more about Ubuntu security

White paper

Ubuntu Core Security Whitepaper

White paper

IoT Security Whitepaper

FAQ

Ensuring the ongoing security compliance of Ubuntu

Helping you manage security

Every Long Term Support (LTS) release of Ubuntu comes with five years of free security and maintenance updates. Canonical also offers a number of additional products and services to help manage the security of your Ubuntu systems.

Critical security fixes with zero downtime

The Canonical Livepatch Service lets you apply kernel fixes in seconds, without restarting your Ubuntu 18.04 LTS, 16.04 LTS or 14.04 ESM systems. Fewer reboots removes the operational burden associated planned downtimes for upgrades. It also means improved service availability and systems that are more compliant and secure.

Learn more about Canonical’s Livepatch Service ›

Be compliant and FIPS certified

FIPS (Federal Information Processing Standard) is a US Government standard for ensuring compliance and security that mandates tougher encryption keys and only allows approved cryptographic functions.

Ubuntu 16.04 LTS has achieved FIPS certification for the OpenSSL, Kernel Crypto API, OpenSSH (Server, Client), and Strongswan modules. FIPS certified versions of these modules are available to Ubuntu Advantage Advanced customers.

Learn more about FIPS certified modules

Manage security updates with Landscape

Landscape is the leading management tool to deploy, monitor and manage your Ubuntu servers and desktops. Landscape gives the ability to centrally view and manage the security updates that have been applied to their systems and, critically, the security updates which have not yet been applied.

Get Landscape

Extend your Ubuntu 14.04 LTS security maintenance

Following the end-of-life of Ubuntu 14.04 LTS in April 2019, Canonical began offering Ubuntu 14.04 ESM (Extended Security Maintenance), to Ubuntu Advantage customers to provide important security fixes for the kernel and essential user space packages. These updates are delivered via a secure, private archive exclusively available to Ubuntu Advantage customers.

Watch our security compliance webinar now

Ubuntu Advantage

All of our security products are available for a one off fee or they are all included in our Ubuntu Advantage support packages.

Ubuntu Advantage is the professional package of tools, technology and expertise from Canonical, helping organisations around the world get the most out of their Ubuntu deployments. It includes access to:

  • Livepatch: automatic kernel security hotfixes without rebooting
  • FIPS: certified cryptographic modules available for compliance requirements
  • Landscape: the systems management tool for using Ubuntu at scale
  • Extended Security Maintenance: critical security updates after Ubuntu end-of-life
  • Knowledge Base: a private archive of expert-written articles and tutorials
  • Support: phone and web-based support at multiple service levels

Visit the Ubuntu Advantage store

Contact us about Ubuntu Advantage ›

Talk to a member of our team

We can recommend a security solution that best suits the needs of your organisation.

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading

'); window.scrollTo(0,0); } } // recaptcha submitCallback var CaptchaCallback = function() { let recaptchas = document.querySelectorAll("div[class^=g-recaptcha]"); recaptchas.forEach(function(field){ recaptchaWidgetId = grecaptcha.render(field, {'sitekey' : '6LfYBloUAAAAAINm0KzbEv6TP0boLsTEzpdrB8if'}); field.setAttribute("data-widget-id", recaptchaWidgetId); }); } // attach handler to all forms let marketoForm = document.querySelectorAll("form[id^=mktoForm]"); marketoForm.forEach(function(form) { form.addEventListener('submit', backgroundSubmitHandlerClosure()) });