VyOS 1.2.6-S1 security release
VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low-impact vulnerability in the PowerDNS recursor that allows an attacker to cause perf...
Category: VyOS Platform Blog | security (3)
CVE-2019-11477 (TCP SACK panic) and an Intel i40e driver issue
Recently discovered vulnerability in the Linux kernel's TCP selective acknowledgement processing code potentially allows a remote attacker to cause a kernel pan...
The "operator" level is proved insecure and will be removed in the next releases
The operator level in VyOS is a legacy feature that was inherited from the forked Vyatta Core code. It was always relatively obscure, and I don't think anyone r...
On security of GRE/IPsec scenarios
As we've already discussed, there are many ways to setup GRE (or something else) over IPsec and they all have their advantages and disadvantages. Recently an is...
The meltdown and spectre vulnerabilities
Everyone is talking about the meltdown and the spectre vulnerabilities now. If you are late to the party, read https://meltdownattack.com/ Of course we are awar...
Update on the AWS SSH key fetching issue
We have fixed the issue with key fetching and submitted the updated AMI for review. It passed the automated scan, but manual review and deployment to the market...
1.1.7 maintenance release
1.1.7 maintenance release is available for download: http://packages.vyos.net/iso/release/1.1.7/ (mirrors are syncing up).
CVE-2015-7547
We know you are concerned (or should be concerned) with the vulnerability in glibc’s getaddrinfo() that allows remote code execution via specially crafted DNS r...
DSA-3446-1 (SSH vulnerability)
This is a late update, and I’m definitely sorry for being late, but I promised to write it so I have to!
CVE-2015-5366, 1.1.6 maintenance release, and the new public key
1.1.6 maintenance release is available for download from the primary server (mirrors are still syncing up).
