1.1.0 preview image update
Those who are using 1.1.0-beta can install an updated image from the build system that includes updates for the shellshock vulnerability.
Category: VyOS Platform Blog | security (4)
1.0.5 security release
1.0.5 release images are available for download from packages.vyos.net, and soon will be available from mirrors when they sync.
bash and apt vulnerabilities
Recently discovered vulnerabilities in bash and APT are low risk for VyOS, since it doesn’t use CGI scripts written in bash and APT is not normally used for upg...
CVE-2014-4607
There is a vulnerability in LZO implementation discovered recently.
OpenSSL vulnerabilities
As you should already know, several security vulnerabilities in OpenSSL were discovered recently.
GNUTLS-SA-2014-3
A security issue in GnuTLS (GNUTLS-SA-2014-3) can cause client memory corruption if the server sends specially crafted ServerHello.
CVE-2014-0160
VyOS 1.0.x uses OpenSSL 0.9.8o, and thus is not affected by CVE-2014-0160. No action is needed.
GNUTLS-SA-2014-2
In a nutshell: nothing really uses it in VyOS so we think it’s not enough to trigger maintenance release.
