Experience has shown that
security through obscurity never works. Therefore, public disclosure allows for quicker and better solutions of security problems. In that respect, this page addresses Debian's status regarding various known security holes, which could potentially affect the Debian operating system.
The Debian project coordinates many security advisories with other free software vendors, and as a result, these advisories are published the same day a vulnerability is made public. In addition, we have our own Security Audit team. They review the archive and look for unfixed security bugs.
Debian also participates in security standardization efforts:
- The Debian Security Advisories are CVE-Compatible (review the cross references).
- Debian is represented in the Board of the Open Vulnerability Assessment Language project.
In order to receive the latest Debian security advisories, please subscribe to the debian-security-announce mailing list.
On top of that, you can use APT to easily get the latest security updates. To keep your Debian operating system up-to-date with security patches, please add the following line to your
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
After saving the changes, run the following two commands to download and install the pending updates:
apt-get update && apt-get upgrade
The security archive is signed with the usual Debian archive keys.
For more information about security issues in Debian, please refer to our FAQ and our documentation:
These web pages include a condensed archive of security advisories posted to the debian-security-announce list.
[27 Jun 2022] DSA-5171-1 squid security update
[27 Jun 2022] DSA-5170-1 nodejs security update
[26 Jun 2022] DSA-5169-1 openssl security update
[22 Jun 2022] DSA-5168-1 chromium security update
[22 Jun 2022] DSA-5167-1 firejail security update
[20 Jun 2022] DSA-5166-1 slurm-wlm security update
[20 Jun 2022] DSA-5165-1 vlc security update
[18 Jun 2022] DSA-5164-1 exo security update
[12 Jun 2022] DSA-5163-1 chromium security update
[12 Jun 2022] DSA-5162-1 containerd security update
[11 Jun 2022] DSA-5161-1 linux security update
[10 Jun 2022] DSA-5160-1 ntfs-3g security update
[09 Jun 2022] DSA-5159-1 python-bottle security update
[04 Jun 2022] DSA-5158-1 thunderbird security update
[03 Jun 2022] DSA-5157-1 cifs-utils security update
[01 Jun 2022] DSA-5156-1 firefox-esr security update
[01 Jun 2022] DSA-5155-1 wpewebkit security update
[01 Jun 2022] DSA-5154-1 webkit2gtk security update
[30 May 2022] DSA-5153-1 trafficserver security update
[30 May 2022] DSA-5152-1 spip security update
The latest Debian security advisories are available as RDF files. We also offer a slightly longer version of the files which includes the first paragraph of the corresponding advisory. That way you can easily spot what the advisory is about.
Older security advisories are also available: 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997 and undated security advisories, included for posterity.
Debian distributions are not vulnerable to all security problems. The Debian Security Tracker collects all information about the vulnerability status of Debian packages. It can be searched by CVE name or by package.