Ubuntu security on cloud images

Ubuntu security features

Download images available at Cloud images (including OCI and LXD images) inherit all the security features available on Ubuntu Server. Ubuntu Server security features are available to read about by following this Introduction to Security. A more detailed discussion on Security of Ubuntu is available in the Security section.

Enhanced security using Ubuntu Pro

Enhanced security features are available for Ubuntu via the Ubuntu Pro subscription:

• Expanded Security Maintenance (ESM): Provides up to 12 years of support for security updates as detailed in the ESM section.

• Kernel livepatching: Shrinks the exploit window for critical kernel vulnerabilities as detailed in the Livepatch section.

• Security compliance and certifications: Provides rigorous security certifications such as FIPS and CIS as detailed in the Certifications section.

Common Vulnerabilities and Exposures (CVE)

All CVEs affecting Ubuntu are tracked and reported on the Ubuntu CVE system. This system allows users to:

• Stay up to date with publicly disclosed security vulnerabilities.

• Find which releases are affected by a specific vulnerability.

• Track the status of CVEs and the patches released to address these CVEs.

Following the fix of security issues, notices are posted under Security notices

Image signing and checksums

Each image published under Cloud images comes with a corresponding SHA256 checksum and GPG file that allows you to verify its authenticity and that it has not been corrupted or tampered with.

The Ubuntu tutorial How to verify Ubuntu gives a detailed guide on how to verify and validate the integrity of an image.