
Debian Stays on Top of Security

Ralph DeFrangesco

The Debian Security Audit Project was started to focus on security issues in Debian packages. The project's goal is to audit applications that are included in a stable Debian Linux release. Since its inception, the project has paid off by identifying and fixing issues before they reached general release.

 

Recent security advisories have identified vulnerabilities in the following packages:

 

  • KdeGraphics, an open source PDF viewer.
  • Drupal, a Web content management system.
  • Moin, a Python clone of WikiWiki.
  • PHP 5, a hypertext preprocessor.

 

Because of the size of the Debian distribution, not every package can be tested. Debian uses the following guidelines to decide which packages get tested:

 

  1. Any binary which is installed setuid or setgid.
  2. Anything that provides a service over a network.
  3. Any remotely accessible CGI/PHP scripts.
  4. Anything which contains a cronjob or other automated script which runs with root privileges.
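
An added example, not part of the original post and not the Debian Security Audit Project's own tooling: shell functions that inventory a system, chroot or unpacked package tree for files matching guidelines 1 and 4. The function names and the output format are assumptions of this example; guidelines 2 and 3 are outside its scope.

```shell
#!/bin/sh
# Added example (not Debian's tooling): inventory files under ROOT that match
# audit guidelines 1 (setuid/setgid) and 4 (cron jobs that run as root).
# Usage: audit_candidates /    (or a chroot / unpacked package tree)

# Guideline 1: regular files with the setuid or setgid bit set.
list_setid() {
    root=${1:-/}
    # -xdev keeps the walk on one filesystem (skips /proc, network mounts).
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        kind=
        if [ -u "$f" ]; then kind=setuid; fi
        if [ -g "$f" ]; then kind=${kind:+$kind+}setgid; fi
        printf '%s\t%s\n' "$kind" "$f"
    done
}

# Guideline 4: cron entries run as root. /etc/crontab and /etc/cron.d/* name
# the user in field 6 (field 2 for @daily-style lines); scripts in
# /etc/cron.{hourly,daily,weekly,monthly} are run as root via run-parts.
list_root_cron() {
    root=${1:-/}
    for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
        if [ -f "$f" ]; then
            awk -v f="$f" '
                /^[ \t]*#/ || NF == 0 || $1 ~ /=/ { next }   # comments, env
                ($1 ~ /^@/ ? $2 : $6) == "root" { print "root-cron\t" f; exit }
            ' "$f"
        fi
    done
    for f in "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/* \
             "$root"/etc/cron.weekly/* "$root"/etc/cron.monthly/*; do
        if [ -f "$f" ] && [ -x "$f" ]; then printf 'root-cron\t%s\n' "$f"; fi
    done
}

# Print every file that matches either guideline, one tab-separated line each.
audit_candidates() {
    list_setid "$1"
    list_root_cron "$1"
}
```

On a Debian system, `dpkg -S <path>` maps each reported file back to the package that owns it.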

 

I like the aggressive approach that Debian is taking rather than waiting for users or developers to stumble on vulnerabilities. Security should start with application architecture through testing, and in most cases it does. However, sometimes bugs get through and it's nice to see additional testing.


 

You can subscribe to the Debian security announce mailing list to receive email alerts.

