Hi, I used Nessus scan and found some packages with security bugs. It doesn’t affect VYOS to much but we need to patch them.
Please see in report.
Found many vulnerabilities with affect Denial of Service.
cuongdt1994 | |
Jun 27 2023, 7:52 PM |
F3793509: image.png | |
Jun 27 2023, 7:54 PM |
F3793507: image.png | |
Jun 27 2023, 7:54 PM |
F3793505: image.png | |
Jun 27 2023, 7:54 PM |
F3793502: image.png | |
Jun 27 2023, 7:54 PM |
F3793500: Router_zyh3oa.html | |
Jun 27 2023, 7:52 PM |
Hi, I used Nessus scan and found some packages with security bugs. It doesn’t affect VYOS to much but we need to patch them.
Please see in report.
Found many vulnerabilities with affect Denial of Service.
I assume this will fix by itself if you build your own 1.3.3 LTS from sources today since 1.3.3 LTS was released in june 2023:
https://blog.vyos.io/vyos-1.3.3-lts-release
Or wait for 1.3.4 LTS to be released (which would also automagically fix most of these findings).
The thing with VyOS builds is that they will use current version of packages for the Debian version the build is based on, which for 1.3 series looks to be Debian 10 buster - where 1.4 series is based on Debian 12 bookworm.
That is if the released 1.3.3 LTS was built mid june 2023 this means if you build 1.3.3 LTS yourself today 25 aug that will include all the fixes that have been released for Debian 10 buster between mid june 2023 until late aug 2023.