summaryrefslogtreecommitdiffstats
path: root/wiki/src/security.mdwn
blob: ca360807596aa62f06104e607578020ea9e57812 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
[[!meta title="Security"]]

[[!toc levels=3]]

[[!inline pages="page(security/*) and !security/audits and !security/audits.* and !security/audits/* and currentlang()"
actions=no archive=yes feedonly=yes show=10 sort="-meta(date) age -path"]]

Since Tails is based on Debian, it takes advantage of all the work done by the
Debian security team. As quoted from <http://security.debian.org/>:

> Debian takes security very seriously. We handle all security
problems brought to our attention and ensure that they are corrected within a
reasonable timeframe. Many advisories are coordinated with other free software
vendors and are published the same day a vulnerability is made public and we
also have a Security Audit team that reviews the archive looking for new or
unfixed security bugs.

> Experience has shown that "security through obscurity" does
not work. Public disclosure allows for more rapid and better solutions to
security problems. In that vein, this page addresses Debian's status with
respect to various known security holes, which could potentially affect
Debian.

# Current holes

[[!inline pages="page(security/*) and ! tagged(security/probable)
and !security/audits and !security/audits.* and !security/audits/*
and ! tagged(security/fixed) and currentlang() and created_after(security/Numerous_security_holes_in_1.2)"
actions=no archive=yes feeds=no show=0 sort="-meta(date) age -path"]]

# Probable holes

Until an [[!tails_ticket 5769 desc="audit"]] of the bundled network
applications is done, information leakages at the protocol level
should be considered as − at the very least − possible.

[[!inline pages="page(security/*) and tagged(security/probable) and currentlang()"
actions=no archive=yes feeds=no show=0 sort="-meta(date) age -path"]]

# Fixed holes

**WARNING**: some of these holes may only be fixed in [[Git|contribute/git]].
Please carefully read the "Affected versions" sections below.

[[!inline pages="page(security/*) and tagged(security/fixed) and (currentlang() or security/Numerous_security_holes_in_*)"
actions=no archive=yes feeds=no show=0 sort="-meta(date) age -path"]]

# Audits

Audits of Tails that we are aware of are collected in [[security/audits]].