On Fri, 21 Aug 2020, Linux for blind general discussion wrote:
Being way behind in lots of packages means security exposures galore.
Exim was hacked by the Russians already and ssh servers world-wide have
malware attacking them now too.
This is why you subscribe to Debian security updates, which should be
configured by default.
From their security page:
Debian takes security very seriously. We handle all security problems
brought to our attention and ensure that they are corrected within a
reasonable timeframe. Many advisories are coordinated with other free
software vendors and are published the same day a vulnerability is made
public and we also have a Security Audit team that reviews the archive
looking for new or unfixed security bugs.
Security fixes are provided for a year after the next stable version of
Debian is released. In practice, this tends to mean that a Debian
release will get regular security fixes for three years.
Following this, LTS security updates for certain architectures will be
provided for an additional two years or so.
You can get Debian security notices via email if you wish.
For more information, see https://security.debian.org and
https://wiki.debian.org/LTS
Both Exim and SSH have had several security fixes applied since Debian
Buster was released.
If you are concerned about a specific vulnerability, you can use its CVE
number and the resources at security.debian.org to see if these have been
fixed in Debian.
For Debian installations, you can also see which security updates have
been applied by reading /usr/share/doc/<packagename>/changelog.debian.gz
HTH,
Geoff.
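
Added example, not part of the message above: one way to do the changelog check it describes, listing the package versions whose Debian changelog entry mentions a given CVE ID. The function names, the package "examplepkg" and the CVE IDs in the sample are constructed for illustration; on an installed system the file is /usr/share/doc/<packagename>/changelog.Debian.gz.

```shell
# cve_fixed_in CHANGELOG_GZ CVE_ID  (hypothetical helper name)
# Prints each version whose changelog entry mentions the CVE; returns 1 if none.
cve_fixed_in() {
    changelog=$1 cve=$2
    case $cve in   # basic shape check to catch typos
        CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]*) ;;
        *) echo "not a CVE id: $cve" >&2; return 2 ;;
    esac
    [ -r "$changelog" ] || { echo "cannot read $changelog" >&2; return 2; }
    gzip -dc "$changelog" | awk -v cve="$cve" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); seen = 0; next }
        # Literal match, rejecting longer IDs that merely share the prefix
        {
            line = $0
            while ((i = index(line, cve)) > 0) {
                rest = substr(line, i + length(cve), 1)
                if (rest !~ /[0-9]/ && !seen) { print ver; seen = 1; found = 1 }
                line = substr(line, i + length(cve))
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample changelog (not real package history, not real CVE IDs)
make_sample() {
    dir=$(mktemp -d)
    cat <<'EOF' | gzip -c > "$dir/changelog.Debian.gz"
examplepkg (1.2-3+deb10u2) buster-security; urgency=high

  * Fix buffer overflow in parser (CVE-2099-00012)

 -- Example Maintainer <maint@example.org>  Mon, 02 Feb 2099 00:00:00 +0000

examplepkg (1.2-3+deb10u1) buster-security; urgency=high

  * Fix CVE-2099-0001: missing length check

 -- Example Maintainer <maint@example.org>  Thu, 01 Jan 2099 00:00:00 +0000
EOF
    echo "$dir/changelog.Debian.gz"
}

# Usage: sh script.sh /usr/share/doc/<packagename>/changelog.Debian.gz CVE-ID
if [ $# -eq 2 ]; then cve_fixed_in "$1" "$2"; fi
```

No output only means the ID is not named in the installed package's changelog; the tracker at security.debian.org remains the authoritative source for a CVE's status.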