
Debian Stays on Top of Security


The Debian Security Audit Project was started to focus on security issues in Debian packages. The project's goal is to audit applications that are included in a stable Debian Linux release. Since its inception, the project has paid off by identifying and fixing issues before they reached general release.

 

Recent security advisories have identified vulnerabilities in the following packages:

 

  • KdeGraphics, an open source PDF viewer.
  • Drupal, a Web content management system.
  • Moin, a Python clone of WikiWiki.
  • PHP 5, a hypertext preprocessor.

 

Because of the size of the Debian distribution, not every package can be tested. Debian uses the following guidelines to decide which packages get tested:

 

  1. Any binary which is installed setuid or setgid.
  2. Anything that provides a service over a network.
  3. Any remotely accessible CGI/PHP scripts.
  4. Anything which contains a cronjob or other automated script which runs with root privileges.
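
As an added illustration (not the audit project's own tooling), the shell function below applies the file-based criteria 1, 3 and 4 to a directory tree such as an unpacked package or a mounted image. The function names, the sample tree and the choice of `usr/lib/cgi-bin` as the CGI location are assumptions of this example; criterion 2 depends on what a package listens on at run time and is not covered.

```sh
#!/bin/sh
# Added example: list files under ROOT that fall under audit criteria 1, 3
# and 4. Output is "<reason><TAB><path>", one line per file.
audit_candidates() {
    root=${1:-/}
    root=${root%/}          # "/" becomes "", so "$root/usr" is still valid

    # Criterion 1: regular files with the setuid (4000) or setgid (2000) bit.
    find "$root/" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'setid\t%s\n' {} + 2>/dev/null || true

    # Criterion 3: CGI scripts. usr/lib/cgi-bin is assumed as the packaged
    # CGI directory; a site-specific document root would need adding here.
    if [ -d "$root/usr/lib/cgi-bin" ]; then
        find "$root/usr/lib/cgi-bin" -type f -exec printf 'cgi\t%s\n' {} +
    fi

    # Criterion 4: system cron locations. Entries in crontab and cron.d name
    # the user they run as, so confirm it is root when reviewing each hit.
    for p in etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily \
             etc/cron.weekly etc/cron.monthly; do
        if [ -e "$root/$p" ]; then
            find "$root/$p" -type f -exec printf 'cron\t%s\n' {} +
        fi
    done
    return 0
}

# Constructed sample tree standing in for an unpacked package.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/usr/lib/cgi-bin" "$t/etc/cron.daily"
    for f in usr/bin/plain usr/bin/suid-tool usr/bin/sgid-tool \
             usr/lib/cgi-bin/form.cgi etc/cron.daily/rotate; do
        : > "$t/$f"
    done
    chmod 0755 "$t/usr/bin/plain"
    chmod 4755 "$t/usr/bin/suid-tool"
    chmod 2755 "$t/usr/bin/sgid-tool"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree) && audit_candidates "$sample"
```
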

 

I like the aggressive approach that Debian is taking rather than waiting for users or developers to stumble on vulnerabilities. Security should start with application architecture through testing, and in most cases it does. However, sometimes bugs get through and it's nice to see additional testing.

 

You can subscribe to the Debian security announce mailing list to receive E-mail alerts.
