This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Security Responses and Updates


Cumulus Networks believes in the Linux model of security through transparency. Cumulus Networks constantly monitors security advisories and will provide updated packages and notify users when major vulnerabilities affect Cumulus Linux.

Subscribe to our mailing list at so you can receive notification from Cumulus Networks whenever we discover a security issue.

All our security issues are tracked on the mailing list and referenced in this article.


Security Policy

Since Cumulus Linux is based on the Debian distribution, Cumulus Networks will, within a reasonable time frame, address security problems in accordance with the Debian policies in place.

Every Cumulus Linux release will include all applicable security patches available prior to the build date. Any new vulnerabilities listed by Debian after the release will be evaluated and made available as a package update via

Upgrading Cumulus Linux for Security Updates

When Cumulus Networks or issues a critical security update, Cumulus Networks will update Cumulus Linux and describe the nature of the update in an article in the Security section of the Help Center. Other security fixes are added to the Cumulus repositories without announcements (Debian announces all security updates). 

If the article does not specify a procedure for upgrading Cumulus Linux, follow these steps instead:

  1. Run apt-get update.
  2. Run apt-get upgrade.

Caution: If you are running Cumulus Linux 2.5 ESR or earlier, and you want to install only the security upgrades instead of the complete set of packages, before you upgrade, remove the word updates from the main addons updates entry in /etc/apt/sources.list

deb CumulusLinux-VERSION main addons updates #REMOVE THIS LAST WORD
deb CumulusLinux-VERSION security-updates

When you finish upgrading, add the word updates to the end of the main addons entry in /etc/apt/sources.list.

Warning! Do not install security patches from Debian directly unless you have consulted with Cumulus Networks directly.

Discovering Security Issues

Users who become aware of a security vulnerability in Cumulus Linux should contact Cumulus Networks with details of the vulnerability. Please send descriptions of any vulnerabilities to 

Any vulnerability reported through our customers, and not yet reported by Debian will be reported to the Debian security team ( or and a bug will be filed in Debian BTS with a tag of security.

In addition, Cumulus Networks will work in conjunction with Debian's security team to resolve the issue in a timely manner and publish an advisory as quickly as possible.

Contacting Cumulus Networks' Security Team

As noted above, please contact us at with any security-related questions and issues.


This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk