Security Responses and Updates

Cumulus Networks believes in the Linux model of security through transparency. Cumulus Networks constantly monitors security advisories and will provide updated packages and notify users when major vulnerabilities affect Cumulus Linux.

Subscribe to the Cumulus Networks Security Announcements mailing list so you can receive notification from Cumulus Networks whenever we discover a security issue.

All our security issues are tracked on the mailing list and referenced in this article.

Security Policy

Since Cumulus Linux is based on the Debian distribution, Cumulus Networks will, within a reasonable time frame, address security problems in accordance with the Debian policies in place.

Every Cumulus Linux release will include all applicable security patches available prior to the build date. Any new vulnerabilities listed by Debian after the release will be evaluated and made available as a package update in the Cumulus Linux repository.

Upgrading Cumulus Linux for Security Updates

When Cumulus Networks or issues a critical security update, Cumulus Networks will update Cumulus Linux and describe the nature of the update in an article in the Security section of the knowledge base. Other security fixes are added to the Cumulus repositories without announcements (Debian announces all security updates).

If the article does not specify a procedure for upgrading Cumulus Linux, follow these steps instead:

  1. Run apt-get update.
  2. Run apt-get upgrade.

Do not install security patches from Debian directly unless you have consulted with Cumulus Networks directly.

Discovering Security Issues

Users who become aware of a security vulnerability in Cumulus Linux should contact Cumulus Networks with details of the vulnerability. Please send descriptions of any vulnerabilities to

Any vulnerability reported through our customers, and not yet reported by Debian will be reported to the Debian security team ( or and a bug will be filed in Debian BTS with a tag of security.

In addition, Cumulus Networks will work in conjunction with Debian’s security team to resolve the issue in a timely manner and publish an advisory as quickly as possible.

Contacting the Cumulus Networks Security Team

As noted above, please contact us at with any security-related questions and issues.