Additional security updates can be applied with ESM Apps

When logging into Ubuntu server you will see a response similar to

Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.15.0-1049-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Oct 13 02:54:35 UTC 2023

  System load:  0.02               Processes:                166
  Usage of /:   3.9% of GB   Users logged in:          1
  Memory usage: 23%                IPv4 address for docker0: 
  Swap usage:   0%                 IPv4 address for eth0:    

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

4 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm

New release '22.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

What does this line refer to - 4 additional security updates can be applied with ESM Apps

Ubuntu Extended Security Maintenance (ESM) provides additional security updates and support for Ubuntu systems that have reached their end of standard support (End of Life) but still need ongoing security updates. This service is designed for organizations and individuals who cannot immediately upgrade to a newer Ubuntu release but still require essential security patches.

ESM is available for Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS and other long-term support (LTS) releases.

Enable ESM Repository

To access ESM security updates, you need to enable the ESM repository in your Ubuntu system. You can do this by editing the /etc/apt/sources.list file. For example, to enable ESM for Ubuntu 20.04 LTS (the version noted above), you would add the following line to your sources list:

deb http://archive.ubuntu.com/ubuntu focal-updates main
deb http://archive.ubuntu.com/ubuntu focal-security main
deb http://archive.ubuntu.com/ubuntu focal-security universe
deb http://archive.ubuntu.com/ubuntu focal-security multiverse

You would replace focal with the codename of your Ubuntu release (e.g., bionic for 18.04 LTS). To see a list of Ubuntu codenames - see below.  After editing the sources list, run:

sudo apt update

Install ESM Updates

Once you've enabled the ESM repository, you can install security updates as you normally would with the apt package manager. The ESM updates are provided for the components enabled in the sources list.

sudo apt upgrade

This will upgrade your system with the available ESM security updates.

Access to ESM security updates may be subject to a subscription fee for some versions or included as part of a free tier, depending on your organization's needs and the specific version of Ubuntu. Be sure to check the official Ubuntu ESM documentation for the most up-to-date information regarding subscriptions and support.

It's essential to note that while ESM provides security updates, it does not offer non-security updates, feature enhancements, or technical support as you would receive during the standard support period. Therefore, it is recommended to plan for upgrading to a newer Ubuntu release when possible, as ESM is meant as a temporary solution to keep older systems secure while you work on migration plans.

Ubuntu release names

The version numbers follow a pattern based on the year and month of release. LTS releases have a longer support cycle (usually 5 years for desktops and servers) and are suitable for long-term deployments, while non-LTS releases have a shorter support period (usually 9 months) and are often used by those who want the latest features and software.