Gentoo Linux Security
1. Security in Gentoo Linux
Security is a primary focus of Gentoo Linux, and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. The
Gentoo Linux Security Project is tasked with providing timely information
about security vulnerabilities in Gentoo Linux, along with patches to secure
those vulnerabilities. We work directly with vendors, end users and other OSS
projects to ensure all security incidents are responded to quickly and
professionally.
You can find a document describing the policy the security team follows to
treat the vulnerabilities found in the Gentoo Linux distribution on the
Vulnerability Treatment Policy page.
Installing a secure Gentoo system
The Gentoo Security Handbook gives information and tips for building a secure
system and hardening existing systems.
Keeping your Gentoo system secure
To stay up-to-date with security fixes, you should subscribe to receive
GLSAs and apply the GLSA instructions whenever you have an affected package
installed. Alternatively, syncing your Portage tree and upgrading every package
should also keep you up-to-date security-wise.
Integration of security-only updates in Portage tools is underway. In the
meantime, you can try our experimental glsa-check tool (part of the
gentoolkit package) to check if a specific GLSA applies to your system
(-p option), list all GLSAs with applied/affected/unaffected status
(-l option) or apply a given GLSA to your system (-f option).
2. Gentoo Linux Security Announcements (GLSAs)
Gentoo Linux Security Announcements are notifications that we send out to
the community to inform them of security vulnerabilities related to Gentoo
Linux or the packages contained in our Portage repository.
Recent Advisories
For a full list of all published GLSAs, please see our GLSA index page.
How to receive GLSAs
GLSA announcements are sent to the [email protected] mailing list,
and as an RDF feed available at
http://www.gentoo.org/rdf/en/glsa-index.rdf.
3. Security Team contact information
Gentoo Linux takes security vulnerability reports very seriously.
Please file new vulnerability reports on Gentoo Bugzilla and assign them to
the Gentoo Security product and Vulnerabilities component. Click here to
directly submit a new security vulnerability.
The Gentoo Linux Security Team will ensure all security-related
bug reports are responded to in a timely fashion.
If you find errors or omissions in published GLSAs, you should also file a
bug in Gentoo Bugzilla in the Gentoo Security product, but with the
GLSA Errors component. Click here to directly submit a new GLSA bug.
Confidential contacts
You have two options to submit non-public vulnerabilities to the Gentoo Linux
Security Team. You may submit a bug in Gentoo Bugzilla using the New-Expert
action and check the Gentoo Security checkbox in the "Only users in all of the
selected groups can view this bug" section. You may also directly contact one
of the following security contacts using encrypted mail:
Note: You can see a full list of Gentoo developers, including their GPG key ID, on our list of active developers.
4. Resources
Security pages
Links
The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.