VyOS Networks Blog

Building an open source network OS for the people, together.

CVE-2015-5366, 1.1.6 maintenance release, and the new public key

Daniil Baturin
Posted 17 Aug, 2015

The 1.1.6 maintenance release is available for download from the primary server (mirrors are still syncing up).

This release fixes CVE-2015-5366 (remote DoS in the kernel), and some more or less nasty bugs in VyOS itself. You can find the full list in the release notes.

The kernel vulnerability potentially allows a remote attacker to send your system into an infinite loop, so you are encouraged to upgrade.

New public key

It’s time to update our release signing key. The old one is two years old, and it uses an outdated maintainers email address.

These images are signed with the old key, but they contain the new key, so when you update from 1.1.6 to the upcoming 1.2.0-beta release, verification will be automated. If you choose to upgrade from 1.1.5 or an older release, you will have to import the key and verify release integrity by hand, though of course you also have the option to upgrade to 1.1.6 first.

The new key is A0FE6D7E. Please sign it with your own keys and upload the signatures. If you have any doubts about its authenticity, you can email daniil at baturin dot org or maintainers at vyos dot net, and I’ll reply with a signed message containing the fingerprint.
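For the manual verification path and the fingerprint check described above, the following is an added example, not code from the VyOS project: a shell function that accepts gpg's `--status-fd` output only when the signature is good and its primary key matches a full 40-digit fingerprint confirmed out of band. The function names and both fingerprints are constructed for the demonstration, and `IMAGE` in the usage comment is a placeholder file name.

```shell
#!/bin/sh
# Added example. Both fingerprints are constructed for this demo; neither is
# the real VyOS key. They share the short ID A0FE6D7E on purpose.
FPR_PINNED=AAAABBBBCCCCDDDDEEEEFFFF00001111A0FE6D7E
FPR_OTHER=11112222333344445555666677778888A0FE6D7E

# check_release_sig FPR: reads `gpg --status-fd 1 --verify ...` output on
# stdin; succeeds only for a good signature whose primary key is exactly FPR.
check_release_sig() {
    awk -v want="$1" '
        BEGIN { want = toupper(want)
                # An 8-digit ID is not an identity: demand all 40 hex digits.
                if (want !~ /^[0-9A-F]+$/ || length(want) != 40) { bad = 1 } }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint; field 3 is the
            # (sub)key that actually made the signature.
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == want) pinned = 1; else bad = 1
        }
        END { exit !(good && pinned && !bad) }
    '
}

# Constructed status output for a signature made by the key given as $1.
sample_status() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG $(printf %s "$1" | cut -c25-40) Constructed Signer" \
        "[GNUPG:] VALIDSIG $1 2015-08-17 1439769600 0 4 0 1 2 00 $1"
}

# Real use (IMAGE is a placeholder; pin the fingerprint you confirmed):
#   gpg --status-fd 1 --verify IMAGE.asc IMAGE 2>/dev/null \
#       | check_release_sig "$FPR_PINNED" && echo "signature accepted"
```

Passing only the eight-digit key ID is rejected by design, so the pinned value has to be the full fingerprint.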
