1.1.7 maintenance release
1.1.7 maintenance release is available for download: http://packages.vyos.net/iso/release/1.1.7/ (mirrors are syncing up).
Category: VyOS Platform Blog | security (3)
CVE-2015-7547
We know you are concerned (or should be concerned) with the vulnerability in glibc’s getaddrinfo() that allows remote code execution via specially crafted DNS r...
DSA-3446-1 (SSH vulnerability)
This is a late update, and I’m definitely sorry for being late, but I promised to write it so I have to!
CVE-2015-5366, 1.1.6 maintenance release, and the new public key
1.1.6 maintenance release is available for download from the primary server (mirrors are still syncing up).
OpenSSL vulnerabilities
Multiple vulnerabilities were discovered and fixed in OpenSSL.
CVE-2015-0235
You’ve probably heard of CVE-2015-0235 already: buffer overflow in glibc gethostbyname() function allows for arbitrary code execution.
NTP vulnerability update
Squeeze-LTS team imported patches for those vulnerabilities, so it’s probably the best to take the path of least resistance and just use those.
CVE-2014-9295: arbitrary code execution in NTPd
A recently discovered vulnerability in NTPd allows remote code execution.
1.1.0 preview image update
Those who are using 1.1.0-beta can install an updated image from the build system that includes updates for the shellshock vulnerability.
1.0.5 security release
1.0.5 release images are available for download from packages.vyos.net, and soon will be available from mirrors when they sync.
