CVE-2015-0235
You’ve probably heard of CVE-2015-0235 already: buffer overflow in glibc gethostbyname() function allows for arbitrary code execution.
Category: VyOS Platform Blog | security (4)
NTP vulnerability update
Squeeze-LTS team imported patches for those vulnerabilities, so it’s probably the best to take the path of least resistance and just use those.
CVE-2014-9295: arbitrary code execution in NTPd
A recently discovered vulnerability in NTPd allows remote code execution.
1.1.0 preview image update
Those who are using 1.1.0-beta can install an updated image from the build system that includes updates for the shellshock vulnerability.
1.0.5 security release
1.0.5 release images are available for download from packages.vyos.net, and soon will be available from mirrors when they sync.
bash and apt vulnerabilities
Recently discovered vulnerabilities in bash and APT are low risk for VyOS, since it doesn’t use CGI scripts written in bash and APT is not normally used for upg...
CVE-2014-4607
There is a vulnerability in LZO implementation discovered recently.
OpenSSL vulnerabilities
As you should already know, several security vulnerabilities in OpenSSL were discovered recently.
GNUTLS-SA-2014-3
A security issue in GnuTLS (GNUTLS-SA-2014-3) can cause client memory corruption if the server sends specially crafted ServerHello.
CVE-2014-0160
VyOS 1.0.x uses OpenSSL 0.9.8o, and thus is not affected by CVE-2014-0160. No action is needed.
