VyOS Platform Blog

Building an open source network OS for the people, together.

Filter by:
test down

Select Category

or
Filter by:
test down

Select Category

or

Category: VyOS Platform Blog | security

Daniil Baturin
Posted 28 Sep, 2020

VyOS 1.2.6-S1 security release

VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low-impact vulnerability in the PowerDNS recursor that allows an attacker to cause perf...
The post categories:
Daniil Baturin
Posted 18 Jun, 2019

CVE-2019-11477 (TCP SACK panic) and an Intel i40e driver issue

Recently discovered vulnerability in the Linux kernel's TCP selective acknowledgement processing code potentially allows a remote attacker to cause a kernel pan...
The post categories:
Daniil Baturin
Posted 1 Nov, 2018

The "operator" level is proved insecure and will be removed in the next releases

The operator level in VyOS is a legacy feature that was inherited from the forked Vyatta Core code. It was always relatively obscure, and I don't think anyone r...
The post categories:
Daniil Baturin
Posted 27 Apr, 2018

On security of GRE/IPsec scenarios

As we've already discussed, there are many ways to setup GRE (or something else) over IPsec and they all have their advantages and disadvantages. Recently an is...
The post categories:
Daniil Baturin
Posted 4 Jan, 2018

The meltdown and spectre vulnerabilities

Everyone is talking about the meltdown and the spectre vulnerabilities now. If you are late to the party, read https://meltdownattack.com/  Of course we are awa...
The post categories:
Daniil Baturin
Posted 22 Oct, 2017

Update on the AWS SSH key fetching issue

We have fixed the issue with key fetching and submitted the updated AMI for review. It passed the automated scan, but manual review and deployment to the market...
The post categories:
Daniil Baturin
Posted 17 Feb, 2016

1.1.7 maintenance release

1.1.7 maintenance release is available for download: http://packages.vyos.net/iso/release/1.1.7/ (mirrors are syncing up).
The post categories:
Daniil Baturin
Posted 16 Feb, 2016

CVE-2015-7547

We know you are concerned (or should be concerned) with the vulnerability in glibc’s getaddrinfo() that allows remote code execution via specially crafted DNS r...
The post categories:
Daniil Baturin
Posted 19 Jan, 2016

DSA-3446-1 (SSH vulnerability)

This is a late update, and I’m definitely sorry for being late, but I promised to write it so I have to!
The post categories:
Daniil Baturin
Posted 17 Aug, 2015

CVE-2015-5366, 1.1.6 maintenance release, and the new public key

1.1.6 maintenance release is available for download from the primary server (mirrors are still syncing up).
The post categories: