Editing Debian (section)
=== Security ===

The Debian project handles security through [[Full disclosure (computer security)|public disclosure]]. Debian security advisories are compatible with the [[Common Vulnerabilities and Exposures]] dictionary, are usually coordinated with other free software vendors and are published the same day a vulnerability is made public.<ref>{{cite web |url = http://www.debian.org/security/ |access-date = 2008-12-13 |title = Security Information |publisher = Debian |archive-date = October 31, 2012 |archive-url = https://web.archive.org/web/20121031073733/http://www.debian.org/security/ |url-status = live }}</ref><ref>{{cite web |url = https://cve.mitre.org/compatible/organizations.html#Software%20in%20the%20Public%20Interest,%20Inc. |title = Organizations Participating |publisher = [[Mitre Corporation|MITRE]] |date = 2014-04-16 |access-date = 2014-06-05 |archive-date = May 26, 2014 |archive-url = https://web.archive.org/web/20140526085923/http://cve.mitre.org/compatible/organizations.html#Software%20in%20the%20Public%20Interest,%20Inc. |url-status = live }}</ref> There used to be a security audit project that focused on packages in the stable release looking for security bugs;<ref>{{cite web |url = http://www.debian.org/security/audit/ |title = Debian Security Audit Project |publisher = Debian |date = 2014-03-15 |access-date = 2014-06-04 |archive-date = June 6, 2014 |archive-url = https://web.archive.org/web/20140606223459/https://www.debian.org/security/audit/ |url-status = live }}</ref> Steve Kemp, who started the project, retired in 2011 but resumed his activities and applied to rejoin in 2014.<ref>{{cite web |url = http://www.steve.org.uk/Security/Advisories/ |title = Advisories |publisher = Steve Kemp |access-date = 2014-08-18 |archive-date = August 19, 2014 |archive-url = https://web.archive.org/web/20140819084841/http://www.steve.org.uk/Security/Advisories/ |url-status = live }}</ref><ref>{{cite web |url = https://nm.debian.org/public/person/skx |title = Steve Kemp |publisher = Debian |access-date = 2014-08-18 |archive-date = August 19, 2014 |archive-url = https://web.archive.org/web/20140819084712/https://nm.debian.org/public/person/skx |url-status = live }}</ref> The ''stable'' branch is supported by the Debian security team; ''oldstable'' is supported for one year.<ref name="securityfaq">{{cite web |url = http://www.debian.org/security/faq |title = Debian security FAQ |date = 2007-02-28 |access-date = 2008-10-21 |publisher = Debian |archive-date = August 28, 2008 |archive-url = https://web.archive.org/web/20080828054249/http://www.debian.org./security/faq |url-status = live }}</ref> Although Squeeze is not officially supported, Debian is coordinating an effort to provide [[long-term support]] (LTS) until February 2016, five years after the initial release, but only for the IA-32 and x86-64 platforms.<ref>{{cite web |url = https://www.phoronix.com/scan.php?page=news_item&px=MTY2NzA |title = Debian To Maintain 6.0 Squeeze As An LTS Release |last = Larabel |first = Michael |author-link = Michael Larabel |publisher = [[Phoronix]] |date = 2014-04-18 |access-date = 2014-07-21 |archive-date = October 6, 2016 |archive-url = https://web.archive.org/web/20161006082828/https://www.phoronix.com/scan.php?page=news_item&px=MTY2NzA |url-status = live }}</ref> ''Testing'' is supported by the ''testing'' security team, but does not receive updates in as timely a manner as ''stable''.<ref>{{cite web |url = http://testing-security.debian.net |title = Debian testing security team |publisher = Debian |access-date = 2008-10-31 |url-status = dead |archive-url = https://web.archive.org/web/20081005233623/http://testing-security.debian.net/ |archive-date = October 5, 2008 |df = mdy }}</ref> ''Unstable''{{'}}s security is left for the package maintainers.<ref name="securityfaq" />

The Debian project offers documentation and tools to [[hardening (computing)|harden]] a Debian installation both manually and automatically.<ref>{{cite web |url = http://www.debian.org/doc/user-manuals#securing |access-date = 2008-12-13 |title = Securing Debian Manual |publisher = Debian |archive-date = January 28, 2021 |archive-url = https://web.archive.org/web/20210128190114/https://www.debian.org/doc/user-manuals#securing |url-status = live }}</ref> [[AppArmor]] support is available and enabled by default since Buster.<ref>{{Cite web|url=https://www.debian.org/News/2019/20190706.en.html|title=Debian -- News -- Debian 10 "buster" released|website=www.debian.org|access-date=2019-07-08|archive-date=July 7, 2019|archive-url=https://web.archive.org/web/20190707151659/https://www.debian.org/News/2019/20190706.en.html|url-status=live}}</ref> Debian provides an optional hardening wrapper, and does not harden all of its software by default using [[GNU Compiler Collection|gcc]] features such as [[Position-independent code|PIE]] and [[buffer overflow protection]], unlike operating systems such as [[OpenBSD]],<ref>{{cite web |url = http://d-sbd.alioth.debian.org/www/ |title = Debian Secure by Default |publisher = Debian: SbD |access-date = 2011-01-31 |archive-url = https://web.archive.org/web/20041103003535/http://d-sbd.alioth.debian.org/www/ |archive-date = November 3, 2004 |url-status = dead }}</ref> but tries to build as many packages as possible with hardening flags.<ref name="new-in-7">{{cite web |url = http://www.debian.org/releases/wheezy/i386/release-notes/ch-whats-new.html |work = Release Notes for Debian 7.0 (wheezy), 32-bit PC |title = Chapter 2. What's new in Debian 7.0 |publisher = Debian |access-date = 2014-05-27 |archive-date = June 6, 2014 |archive-url = https://web.archive.org/web/20140606220213/https://www.debian.org/releases/wheezy/i386/release-notes/ch-whats-new.html |url-status = live }}</ref>

In May 2008, a Debian developer discovered that the [[OpenSSL]] package distributed with Debian and derivatives such as [[Ubuntu]] made a variety of security keys vulnerable to a [[random number generator attack]], since only 32,767 different keys were generated.<ref>{{cite web |url = http://www.debian.org/security/2008/dsa-1571 |title = DSA-1571-1 openssl: predictable random number generator |date = 2008-05-13 |access-date = 2008-10-31 |publisher = Debian |archive-date = March 9, 2011 |archive-url = https://web.archive.org/web/20110309045023/http://www.debian.org/security/2008/dsa-1571 |url-status = live }}</ref><ref>{{cite web |url = http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166 |title = CVE-2008-0166 |access-date = 2014-07-21 |publisher = [[Mitre Corporation|MITRE]] |archive-date = July 14, 2014 |archive-url = https://web.archive.org/web/20140714005052/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166 |url-status = live }}</ref><ref name="garfinkel">{{cite magazine |url =https://www.technologyreview.com/2008/05/20/220474/alarming-open-source-security-holes/ |title = Alarming Open-Source Security Holes |last = Garfinkel |first = Simson |author-link = Simson Garfinkel |magazine = [[MIT Technology Review]] |date = 2008-05-20 |access-date = 2014-07-21 }}</ref> The security weakness was caused by changes made in 2006 by another Debian developer in response to memory debugger warnings.<ref name="garfinkel" /><ref>{{cite web |url = https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516 |title = valgrind-clean the RNG |publisher = Debian BTS |date = 2006-04-19 |access-date = 2014-06-21 |archive-date = August 6, 2014 |archive-url = https://web.archive.org/web/20140806025755/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516 |url-status = live }}</ref> The complete resolution procedure was cumbersome because patching the security hole was not enough; it involved regenerating all affected keys and certificates.<ref>{{cite web |url = http://cseweb.ucsd.edu/~hovav/dist/debiankey.pdf |title = When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability |publisher = [[University of California, San Diego]] |year = 2009 |access-date = 2014-06-22 |archive-date = March 4, 2016 |archive-url = https://web.archive.org/web/20160304192449/http://cseweb.ucsd.edu/~hovav/dist/debiankey.pdf |url-status = live }}</ref>

Recent versions of Debian have focused more on safer defaults. Debian 10 had AppArmor enabled by default, and Debian 11 improved Secure Boot support and included persistent system journaling. The project is also making all packages reproducible, which helps to ensure software integrity.<ref name="Introduction to Deep Learning VM"/>
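The key-space collapse described above, modelled as an added example (not part of the article and not Debian's own tooling): a generator whose only entropy is a 15-bit process ID can emit at most 32,767 distinct keys, so a defender can enumerate every possible key in advance and audit deployed keys against that list, which is why the fix required regenerating keys rather than just patching. The hash-based key derivation, the `PID_MAX` value and the sample fleet are constructed assumptions.

```python
"""Model of the 2008 Debian OpenSSL weakness: key material derived from the
process ID alone, so only PIDs 1..32767 ever seed the generator.
The SHA-256 stand-in replaces real RSA/DSA generation; only entropy matters here."""
import hashlib
import random
import secrets

PID_MAX = 32768  # assumed Linux default pid_max of the era: usable PIDs 1..32767


def weak_keygen(pid: int) -> bytes:
    """Constructed stand-in for a keygen whose only input is the pid."""
    if not 1 <= pid < PID_MAX:
        raise ValueError("pid outside the 15-bit range")
    return hashlib.sha256(b"weak-keygen:" + pid.to_bytes(2, "big")).digest()


def build_blacklist() -> set[bytes]:
    """Defender's view: the whole output space is small enough to precompute,
    which is the idea behind a blacklist of known-weak key fingerprints."""
    return {weak_keygen(pid) for pid in range(1, PID_MAX)}


def audit_fleet(fleet: dict[str, bytes], blacklist: set[bytes]) -> list[str]:
    """Return the hosts whose key is in the weak set and must be regenerated."""
    return sorted(host for host, key in fleet.items() if key in blacklist)


def distinct_keys_across_hosts(n_hosts: int, seed: int = 0) -> int:
    """Simulate n_hosts each generating a key under a random pid and count how
    many distinct keys result: unrelated machines end up sharing private keys."""
    rng = random.Random(seed)
    return len({weak_keygen(rng.randrange(1, PID_MAX)) for _ in range(n_hosts)})


# Constructed sample fleet: three hosts keyed by the broken generator (two of
# them at the same pid) and one keyed with real entropy standing in for a sound key.
SAMPLE_FLEET = {
    "web1": weak_keygen(1201),
    "web2": weak_keygen(1201),
    "db1": weak_keygen(30001),
    "bastion": secrets.token_bytes(32),
}

if __name__ == "__main__":
    bl = build_blacklist()
    print("possible keys:", len(bl))
    print("hosts needing new keys:", audit_fleet(SAMPLE_FLEET, bl))
    print("distinct keys across 100000 hosts:", distinct_keys_across_hosts(100000))
```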