Security Information
Experience has shown that security through obscurity
never works. Therefore, public disclosure allows for quicker and better solutions of security problems. In that respect, this page addresses Debian's status regarding various known security holes, which could potentially affect the Debian operating system.
The Debian project coordinates many security advisories with other free software vendors, and as a result, these advisories are published the same day a vulnerability is made public. In order to receive the latest Debian security advisories, please subscribe to the debian-security-announce mailing list.
Debian also participates in security standardization efforts:
- The Debian Security Advisories are CVE-Compatible (review the cross references).
- Debian is represented in the Board of the Open Vulnerability Assessment Language project.
Keeping your Debian System secure
The packages unattended-upgrades is installed with the GNOME desktop and keeps the computer current with the latest security (and other) updates automatically. The wiki entry has more detailed information how to manually set up unattended-upgrades.
For more information about security issues in Debian, please refer to our FAQ and our documentation:
Recent Advisories
These are the recent Debian Security Advisories (DSA) posted to the debian-security-announce list.
T is the link to the Debian Security Tracker information, the DSA number links to the announcement mail.
[22 Sep 2023] T DSA 5504-1 bind9 security update
[20 Sep 2023] T DSA 5503-1 netatalk security update
[18 Sep 2023] T DSA 5502-1 xrdp security update
[18 Sep 2023] T DSA 5501-1 gnome-shell security update
[18 Sep 2023] T DSA 5500-1 flac security update
[18 Sep 2023] T DSA 5499-1 chromium security update
[13 Sep 2023] T DSA 5497-2 libwebp security update
[15 Sep 2023] T DSA 5498-1 thunderbird security update
[13 Sep 2023] T DSA 5497-1 libwebp security update
[13 Sep 2023] T DSA 5496-1 firefox-esr security update
[11 Sep 2023] T DSA 5495-1 frr security update
[10 Sep 2023] T DSA 5494-1 mutt security update
[10 Sep 2023] T DSA 5493-1 open-vm-tools security update
[09 Sep 2023] T DSA 5492-1 linux security update
[07 Sep 2023] T DSA 5491-1 chromium security update
[06 Sep 2023] T DSA 5490-1 aom security update
[04 Sep 2023] T DSA 5489-1 file security update
[03 Sep 2023] T DSA 5488-1 thunderbird security update
[31 Aug 2023] T DSA 5487-1 chromium security update
[30 Aug 2023] T DSA 5486-1 json-c security update
[30 Aug 2023] T DSA 5485-1 firefox-esr security update
[27 Aug 2023] T DSA 5484-1 librsvg security update
[25 Aug 2023] T DSA 5483-1 chromium security update
[24 Aug 2023] T DSA 5482-1 tryton-server security update
[20 Aug 2023] T DSA 5481-1 fastdds security update
[18 Aug 2023] T DSA 5480-1 linux security update
[17 Aug 2023] T DSA 5479-1 chromium security update
[16 Aug 2023] T DSA 5478-1 openjdk-11 security update
[14 Aug 2023] T DSA 5477-1 samba security update
[12 Aug 2023] T DSA 5476-1 gst-plugins-ugly1.0 security update
[11 Aug 2023] T DSA 5475-1 linux security update
[11 Aug 2023] T DSA 5474-1 intel-microcode security update
[08 Aug 2023] T DSA 5473-1 orthanc security update
[08 Aug 2023] T DSA 5472-1 cjose security update
[07 Aug 2023] T DSA 5471-1 libhtmlcleaner-java security update
[06 Aug 2023] T DSA 5470-1 python-werkzeug security update
[05 Aug 2023] T DSA 5469-1 thunderbird security update
[05 Aug 2023] T DSA 5468-1 webkit2gtk security update
[04 Aug 2023] T DSA 5467-1 chromium security update
[04 Aug 2023] T DSA 5466-1 ntpsec security update
[03 Aug 2023] T DSA 5465-1 python-django security update
[03 Aug 2023] T DSA 5464-1 firefox-esr security update
[30 Jul 2023] T DSA 5463-1 thunderbird security update
[30 Jul 2023] T DSA 5462-1 linux security update
[30 Jul 2023] T DSA 5461-1 linux security update
[26 Jul 2023] T DSA 5460-1 curl security update
[25 Jul 2023] T DSA 5459-1 amd64-microcode security update
[25 Jul 2023] T DSA 5458-1 openjdk-17 security update
[22 Jul 2023] T DSA 5457-1 webkit2gtk security update
[20 Jul 2023] T DSA 5456-1 chromium security update
[17 Jul 2023] T DSA 5455-1 iperf3 security update
Sources of Security Information
- Debian Security Tracker primary source for all security related information, search options
- JSON list contains CVE description, package name, Debian bug number, package versions with fix, no DSA included
- DSA list contains DSA including date, related CVE's numbers, package versions with fix
- DLA list contains DLA including date, related CVE's numbers, package versions with fix
- DSA announcements
- DLA announcements
- Oval files
- Lookup a DSA (uppercase is important)
e.g. https://security-tracker.debian.org/tracker/DSA-3814 - Lookup a DLA ( -1 is important)
e.g. https://security-tracker.debian.org/tracker/DLA-867-1 - Lookup a CVE
e.g. https://security-tracker.debian.org/tracker/CVE-2017-6827
The latest Debian security advisories are available as RDF files. We also offer a slightly longer version of the files which includes the first paragraph of the corresponding advisory.