The meltdown and spectre vulnerabilities
Everyone is talking about the meltdown and the spectre vulnerabilities now. If you are late to the party, read https://meltdownattack.com/ Of course we are awar...
Category: VyOS Platform Blog | security (3)
Update on the AWS SSH key fetching issue
We have fixed the issue with key fetching and submitted the updated AMI for review. It passed the automated scan, but manual review and deployment to the market...
1.1.7 maintenance release
1.1.7 maintenance release is available for download: http://packages.vyos.net/iso/release/1.1.7/ (mirrors are syncing up).
CVE-2015-7547
We know you are concerned (or should be concerned) with the vulnerability in glibc’s getaddrinfo() that allows remote code execution via specially crafted DNS r...
DSA-3446-1 (SSH vulnerability)
This is a late update, and I’m definitely sorry for being late, but I promised to write it so I have to!
CVE-2015-5366, 1.1.6 maintenance release, and the new public key
1.1.6 maintenance release is available for download from the primary server (mirrors are still syncing up).
OpenSSL vulnerabilities
Multiple vulnerabilities were discovered and fixed in OpenSSL.
CVE-2015-0235
You’ve probably heard of CVE-2015-0235 already: buffer overflow in glibc gethostbyname() function allows for arbitrary code execution.
NTP vulnerability update
Squeeze-LTS team imported patches for those vulnerabilities, so it’s probably the best to take the path of least resistance and just use those.
CVE-2014-9295: arbitrary code execution in NTPd
A recently discovered vulnerability in NTPd allows remote code execution.
