Ubuntu
python3.8 package

Cannot locate proper repo for python3.8+ESM1

Asked by Adam D

Good Morning,

Running Ubuntu 18.04 (bionic)

I've ran a Tennable scan and noticed that my python3.8 version needs to be updated to version python3.8+esm1. I've searched endlessly to find the proper repo for the +esm1 version but continually running into road blocks.

I've come across this security notice; https://linuxsecurity.com/advisories/ubuntu/ubuntu-5931-1-python-vulnerability-pgyxbmjyypbn

And this security notice links to an official Launchpad site for +esm1 However its a page not found;

https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2+esm1

I suspect that the +esm1 update/patch has been incorporated to the official python3.8 repo. Can anyone confirm if that is the case? Note: Tennable scans for package name and not necessarily the package version itself.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu python3.8 Edit question
Assignee:
No assignee Edit question
Solved by:
Adam D
Solved:
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

The ESM repositories are accessible only for systems that are covered by an Ubuntu Pro subscription https://ubuntu.com/pro

Revision history for this message
Adam D (adamsdd) said : 		#2

We do have Ubuntu Pro but the package(s) still showing as missing. Did you take a look at that link I provided above?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#3

Which one of the links are you referring to?

The ESM repositories have restricted access, so you cannot simply search for them on launchpad.
What is the output of the command
ubuntu-advantage status

Does it show that ESM is activated on the system in question?

Do you have the ESM repositories activated in the /etc/apt/sources.list or /etc/apt/sources.list.d/*.list configuration files?
What is the output of the command
apt policy python3.8

Does it show the ESM servers as available source?

Revision history for this message
Adam D (adamsdd) said (last edit ): 		#4

This link specifically is here; https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2+esm1 Its in my initial post.

It just errors out with a 'page not found'

output is;

root@:~# ubuntu-advantage status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes disabled Common Criteria EAL2 Provisioning Packages
cis yes disabled Security compliance and audit tools
esm-infra yes disabled Expanded Security Maintenance for Infrastructure
fips-updates yes disabled NIST-certified core packages with priority security updates
livepatch yes disabled Canonical Livepatch service

NOTICES
Reboot to FIPS kernel required

Enable services with: pro enable <service>

                Account: ****
           Subscription: Ubuntu Pro (Infra-only) - Virtual
            Valid until: Wed Jun 14 23:59:59 2023 UTC
Technical support level: essential

root@f~# apt policy python3.8
python3.8:
  Installed: 3.8.0-3ubuntu1~18.04.2
  Candidate: 3.8.0-3ubuntu1~18.04.2
  Version table:
 *** 3.8.0-3ubuntu1~18.04.2 500
        500 https://repo-location/current/deb/ubuntu bionic-updates/universe amd64 Packages
        500 https://repo-location/current/deb/ubuntu bionic-security/universe amd64 Packages
        100 /var/lib/dpkg/status
root@f~#

Sources show the same links as above

Revision history for this message
Manfred Hampl (m-hampl) said : 		#5

"esm-infra yes disabled"

ESM is not enabled on that system.

Revision history for this message
Adam D (adamsdd) said : 		#6

Changed to enabled. No updates are available;

root@:~# ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes disabled Common Criteria EAL2 Provisioning Packages
cis yes disabled Security compliance and audit tools
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
fips-updates yes disabled NIST-certified core packages with priority security updates
livepatch yes disabled Canonical Livepatch service

NOTICES
Reboot to FIPS kernel required

Enable services with: pro enable <service>

                Account: ***
           Subscription: Ubuntu Pro (Infra-only) - Virtual
            Valid until: Wed Jun 14 23:59:59 2023 UTC
Technical support level: essential
root@:~# apt-get update
Get:1 https://repo-location/current/deb/ubuntu bionic InRelease [242 kB]
Hit:2 https://repo-location/current/deb/ubuntu bionic-updates InRelease
Hit:3 https://repo-location/current/deb/ubuntu bionic-backports InRelease
Hit:4 https://repo-location/current/deb/ubuntu bionic-security InRelease
Hit:5 https://repo-location/current/deb/azure-cli bionic InRelease
Get:6 https://repo-location/current/deb/docker/linux/ubuntu bionic InRelease [64.4 kB]
Get:7 https://repo-location/current/deb/microsoft/ubuntu/18.04 bionic InRelease [2,457 B]
Hit:8 https://repo-location/current/deb/ppa-private/ubuntu-advantage/fips-updates/ubuntu bionic InRelease
Get:9 https://repo-location/current/deb/ppa-private/ubuntu-advantage/security-benchmarks/ubuntu bionic InRelease [15.9 kB]
Hit:10 https://repo-location/current/deb/esm/cis/ubuntu bionic InRelease
Hit:11 https://esm.ubuntu.com/infra/ubuntu bionic-infra-security InRelease
Hit:12 https://repo-location/current/deb/esm/fips-updates/ubuntu bionic-updates InRelease
Get:13 https://repo-location/current/deb/zabbix/4.2/ubuntu bionic InRelease [7,096 B]
Hit:14 https://esm.ubuntu.com/infra/ubuntu bionic-infra-updates InRelease
Fetched 332 kB in 6s (56.5 kB/s)
Reading package lists... Done
root@:~#

Revision history for this message
Adam D (adamsdd) said : 		#7

But my question is.. did Ubuntu package the +esm1 update into its standard python3.8 package?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#8

I am wondering why your system only shows "esm-infra", but not also "esm-apps".

Your question
"But my question is.. did Ubuntu package the +esm1 update into its standard python3.8 package?"

The update from python3.8 version 3.8.0-3ubuntu1~18.04.2 to 3.8.0-3ubuntu1~18.04.2+esm1 is not available in the "non-ESM" repositories for bionic.
Related updates, however, have been incorporated into the python3.8 package for focal.

Revision history for this message
Adam D (adamsdd) said : 		#9

Well, UA is optional but only needing esm-infra
So there are 2 packages for python3.8. The standard package and the +esm1 package. Shouldn't information about +esm1 work at the following official link?

https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2+esm1

Revision history for this message
Manfred Hampl (m-hampl) said : 		#10

Repeating my comment #3: The ESM packages are not available on the launchpad servers.

You have to ask https://linuxsecurity.com why they put a link on their web pages that is not accessible.

Revision history for this message
Adam D (adamsdd) said : 		#11

Ok fair enough but there isn't any information about +esm1 Where can I find official information regarding that package within launchpad.net or ubuntu.com/net

Revision history for this message
Manfred Hampl (m-hampl) said : 		#12

As far as I know, access to the detail information about the ESM packages is restricted to the Ubuntu developers.

Why don't you upgrade to a current Ubuntu release that is not in ESM status, but under full support (e.g 20.04 or 22.04)?

Revision history for this message
Adam D (adamsdd) said : 		#13

I could but the people who need 18.04 want to stick with 18.04 for the time being. It will eventually be upgraded but not sure of the timeline.