How to upgrade packages like openssl, openssh, binutils, dhcpd etc. in vyos


I am running vulnerability scan on my vyos vm and it is showing around 10-15 issues most of them are related to package updation. I created vyos image from the repo and it is using debian 8. How can I update packages into my vyos vm ? Do I need to update my OS ?


When did you built the image? When you build the image via vyos-build, the first step is to install all required pkgs from debian, so they are the latest available via debian repos. Also, vulnerability results can be often false-positives as well, depending on the tool I have seen a lot of bs in these reports.
Can you post one on pastbin or so?


Yes but vyos-build repo uses debian 8 that does not have all the latest packages.
How can I know that the vulnerability is false-positive. I am using openvas.
Following are the vulnerability:
Title: CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2106-2177, CVE-2014-9939, CVE-2016-2774, CVE-205-8605, CVE-2016-6302, CVE-2016-2183, CVE-2016-2181, CVE-2016-2180, CVE-2016-2179, CVE-2016-6306, CVE-2016-2178, CVE-2017-15906, CVE-2016-10708, CVE-2016-8858, CVE-2016-0778, CVE-2016-0777,


debian has a security tracker (, there you can query the particular cve.
Which tells you then the status and which flavor is affected (vyos 1.2 uses debian8 aka jessie). shows you that you need at least 1.0.1t-1+deb8u4 installed.
Currently installed is 1.0.1t-1+deb8u8, so that CVE is patched in vyos 1.2.

The other way around is possible as well, so you can have a look at the package status in jessie: under resolved issues you have the patches listed. Does that answer your question?


Yes that answer my question. Thanks @hagbard