The vulnerabilities you're seeing are likely related to extended security maintenance (ESM) or additional security updates provided through the Ubuntu Pro subscription. These updates may take longer to appear in Microsoft's package repository, as that repository generally pulls from the public repositories and does not include all of the Ubuntu Pro-exclusive security patches.
Here's an overview of how the process works:
- Ubuntu Pro Patches:
  - Ubuntu Pro offers access to additional security patches, especially for high-risk vulnerabilities or for packages beyond the default support lifecycle. If these patches are being flagged in USN articles and are marked as only available via Ubuntu Pro, they will not be immediately available in the public package repositories.
- Microsoft Repositories:
  - The packages.microsoft.com repository typically provides updates for Microsoft-specific software and tools for Linux, but it may not include all Ubuntu security updates.
  - Microsoft does not maintain its own equivalent to Ubuntu Pro patches, so there could be a delay or unavailability for some security fixes from the mainline Ubuntu repositories unless you're using Ubuntu Pro.
- Availability Timing:
  - For standard Ubuntu security patches, once they are released to the public, they should eventually be mirrored on the Microsoft repository. However, this timeline can vary depending on the sync schedule between Ubuntu’s public repositories and Microsoft's Ubuntu sources.
  - Critical or high-impact security vulnerabilities should get prioritized updates, but if the fix is behind the Ubuntu Pro subscription, you may need to subscribe to Ubuntu Pro to get these immediately.
- Considerations:
  - If these vulnerabilities are critical for your environment, you may want to consider subscribing to Ubuntu Pro for your VMs. Ubuntu Pro provides 10 years of security maintenance and includes fixes for thousands of packages.
  - If you're unable to subscribe to Ubuntu Pro, you'll need to wait for these patches to be rolled out to the public repositories, though this might take time depending on the type of vulnerability and its priority.
For now, you can continue updating your systems from the packages.microsoft.com repository and monitor any critical vulnerabilities. However, if the flagged vulnerabilities require immediate attention, adopting Ubuntu Pro might be necessary for comprehensive protection.
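
To check which repository actually offers a fixed version for a flagged package, the output of `apt-cache policy <package>` can be parsed and each version mapped to the class of source that serves it. The following is an added example, not part of the answer above; the package name, versions and mirror hosts in the sample are constructed, and it assumes output captured on a machine where the ESM sources are visible to apt.

```python
import re

# Constructed sample of `apt-cache policy <pkg>` output on a Pro-attached
# Ubuntu 22.04 VM; package name, versions and mirror hosts are illustrative.
SAMPLE_POLICY = """\
examplepkg:
  Installed: 1.2-3ubuntu0.1
  Candidate: 1.2-3ubuntu0.2+esm1
  Version table:
     1.2-3ubuntu0.2+esm1 510
        510 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security/universe amd64 Packages
 *** 1.2-3ubuntu0.1 500
        500 http://azure.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
"""

def classify_origin(source):
    """Map one source (URL or local path) to a coarse repository class."""
    if "esm.ubuntu.com" in source:
        return "ubuntu-pro-esm"
    if "packages.microsoft.com" in source:
        return "microsoft"
    if re.search(r"(archive|security)\.ubuntu\.com", source):
        return "ubuntu-public"
    return "local-or-other"

def parse_policy(text):
    """Return (installed, candidate, {version: set of origin classes})."""
    installed = candidate = current = None
    table = {}
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Installed:"):
            installed = stripped.split(":", 1)[1].strip()
        elif stripped.startswith("Candidate:"):
            candidate = stripped.split(":", 1)[1].strip()
        elif m := re.match(r"^\s+(?:\*\*\* )?(\S+) (-?\d+)$", line):
            current = m.group(1)          # a version line: "<version> <priority>"
            table[current] = set()
        elif current and (m := re.match(r"^\s+-?\d+ (\S+)", line)):
            table[current].add(classify_origin(m.group(1)))  # a source line
    return installed, candidate, table

def pro_only_versions(text):
    """Versions offered exclusively by ESM (Ubuntu Pro) sources."""
    _, _, table = parse_policy(text)
    return sorted(v for v, o in table.items() if o == {"ubuntu-pro-esm"})
```

A version that appears in `pro_only_versions` will not reach a VM that has only the public Ubuntu and packages.microsoft.com sources configured.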