Security Information

Experience has shown that security through obscurity never works. Therefore, public disclosure allows for quicker and better solutions of security problems. In that respect, this page addresses Debian's status regarding various known security holes, which could potentially affect the Debian operating system.

The Debian project coordinates many security advisories with other free software vendors, and as a result, these advisories are published the same day a vulnerability is made public.

Debian also participates in security standardization efforts:

Keeping your Debian System secure

In order to receive the latest Debian security advisories, please subscribe to the debian-security-announce mailing list.

On top of that, you can use APT to easily get the latest security updates. To keep your Debian operating system up-to-date with security patches, please add the following line to your /etc/apt/sources.list file: 

deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

After saving the changes, run the following two commands to download and install the pending updates: 

apt-get update && apt-get upgrade

The security archive is signed with the usual Debian archive keys.

For more information about security issues in Debian, please refer to our FAQ and our documentation:

Recent Advisories

These web pages include a condensed archive of security advisories posted to the debian-security-announce list.
New list format

[03 Oct 2023] DSA-5514-1 glibc security update
[03 Oct 2023] DSA-5513-1 thunderbird security update
[02 Oct 2023] DSA-5512-1 exim4 security update
[01 Oct 2023] DSA-5511-1 mosquitto security update
[29 Sep 2023] DSA-5510-1 libvpx security update
[29 Sep 2023] DSA-5509-1 firefox-esr security update
[29 Sep 2023] DSA-5508-1 chromium security update
[28 Sep 2023] DSA-5507-1 jetty9 security update
[28 Sep 2023] DSA-5506-1 firefox-esr security update
[25 Sep 2023] DSA-5505-1 lldpd security update
[22 Sep 2023] DSA-5504-1 bind9 security update
[20 Sep 2023] DSA-5503-1 netatalk security update
[18 Sep 2023] DSA-5502-1 xrdp security update
[18 Sep 2023] DSA-5501-1 gnome-shell security update
[18 Sep 2023] DSA-5500-1 flac security update
[18 Sep 2023] DSA-5499-1 chromium security update
[17 Sep 2023] DSA-5497-2 libwebp security update
[15 Sep 2023] DSA-5498-1 thunderbird security update
[13 Sep 2023] DSA-5497-1 libwebp security update
[13 Sep 2023] DSA-5496-1 firefox-esr security update
[11 Sep 2023] DSA-5495-1 frr security update
[10 Sep 2023] DSA-5494-1 mutt security update
[10 Sep 2023] DSA-5493-1 open-vm-tools security update
[09 Sep 2023] DSA-5492-1 linux security update
[07 Sep 2023] DSA-5491-1 chromium security update
[06 Sep 2023] DSA-5490-1 aom security update
[04 Sep 2023] DSA-5489-1 file security update
[03 Sep 2023] DSA-5488-1 thunderbird security update

The latest Debian security advisories are available as RDF files. We also offer a slightly longer version of the files which includes the first paragraph of the corresponding advisory. That way you can easily spot what the advisory is about.

Older security advisories are also available: 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997 and undated security advisories, included for posterity.

Debian distributions are not vulnerable to all security problems. The Debian Security Tracker collects all information about the vulnerability status of Debian packages. It can be searched by CVE name or by package.