Security Responses and Updates
NVIDIA believes in the Linux model of security through transparency. NVIDIA constantly monitors security advisories and provides updated packages and notifies users when major vulnerabilities affect Cumulus Linux.
Because Cumulus Linux is based on Debian, NVIDIA will, within a reasonable time frame, address security problems that adhere to the Debian policies in place.
Every Cumulus Linux release includes all applicable security patches available before the build date. NVIDIA evaluates any new vulnerabilities listed by Debian after the release and addresses them in a package update in the Cumulus Linux repository.
Upgrading Cumulus Linux for Security Updates
When Debian.org issue a critical security update, NVIDIA updates Cumulus Linux. NVIDIA adds other security fixes to the Cumulus Linux repositories (Debian announces all security updates).
If the article does not specify a procedure for upgrading Cumulus Linux, follow these steps instead:
Do not install security patches from Debian directly unless you have consulted with NVIDIA directly.
Discovering Security Issues
If you become aware of a security vulnerability in Cumulus Linux, contact NVIDIA with details of the vulnerability.