Zenbleed and OpenSSH agent vulnerabilities and their impact on VyOS
Hello, Community! Recently, two severe vulnerabilities were discovered by security researchers. One of them is nicknamed Zenbleed (CVE-2023-20593) and affects a...
Category: VyOS Platform Blog | security
Recent OpenSSL vulnerabilities do not affect any VyOS versions
Many people are concerned about recently announced OpenSSL vulnerabilities (CVE-2022-3786 and CVE-2022-3602). However, none of the VyOS versions ever released a...
The future of VyOS image signature verification
There's one thing about our releases that we introduced quietly and neglected to explain to those unfamiliar with it: minisign signatures. Let's discuss why we ...
The post categories:
security
VyOS 1.3.1-S1 security release
Hello Community! VyOS 1.3.1-S1 security release is now available to customers and contributors to download, and everyone can build it from the source. It fixes ...
CVE-2022-0778: remote DoS in OpenSSL, VyOS 1.3.0 is affected
Hello Community! Yesterday the OpenSSL team disclosed a remote DoS vulnerability in OpenSSL versions 1.0.2, 1.1.1, and 3.0. You can find a complete description ...
Log4Shell vulnerability
Hello Community! Everyone is talking about the CVE-2021-44228 vulnerability recently found in the Log4j logging library, which was nicknamed Log4Shell because i...
VyOS 1.2.6-S1 security release
VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low-impact vulnerability in the PowerDNS recursor that allows an attacker to cause perf...
CVE-2019-11477 (TCP SACK panic) and an Intel i40e driver issue
Recently discovered vulnerability in the Linux kernel's TCP selective acknowledgement processing code potentially allows a remote attacker to cause a kernel pan...
The "operator" level is proved insecure and will be removed in the next releases
The operator level in VyOS is a legacy feature that was inherited from the forked Vyatta Core code. It was always relatively obscure, and I don't think anyone r...
