Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Page Sections

Defects

The defects that have been resolved in this release are detailed in this section.

Resolved security vulnerabilities

Security issues have been resolved in this release.

When multiple CVE numbers are addressed in a single issue, the highest CVSS score is listed.

For more information on Debian advisories, see https://www.debian.org/security.

Table 1. Resolved security vulnerabilities
Issue NumberCVSS scoreDebian AdvisorySummary
VRVDR-45253 7.5 DSA 4375-1 CVE-2019-3813: spice - security update
VRVDR-45035 7.8 DSA 4367-1 CVE-2018-16864, CVE-2018-16865, CVE-2018-16866:  systemd - security update
VRVDR-44747 8.8 DSA 4350-1 CVE-2018-19788: policykit-1 - security update
VRVDR-44634 8.8 DSA 4349-1 CVE-2017-11613, CVE-2017-17095, CVE-2018-10963, CVE-2018-15209, CVE-2018-16335, CVE-2018-17101, CVE-2018-18557, CVE-2018-5784, CVE-2018-7456, CVE-2018-8905: tiff - security update
VRVDR-44633 7.5 DSA 4348-1 CVE-2018-0732, CVE-2018-0734, CVE-2018-0735, CVE-2018-0737, CVE-2018-5407: openssl - security update
VRVDR-44611 9.8 DSA 4347-1 CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314: perl - security update
VRVDR-44371 8.1 DSA 4339-1 CVE-2017-7519, CVE-2018-10861, CVE-2018-1128, CVE-2018-1129: ceph - security update
VRVDR-44348 9.8 DSA 4338-1 CVE-2018-10839, CVE-2018-17962, CVE-2018-17963: qemu – security update
VRVDR-43264 5.6 DSA 4274-1 CVE-2018-3620, CVE-2018-3646: xen – security update

Resolved issues

Customer issues have been resolved in this release.

Table 2. Resolved issues
Component Issue number Priority Summary
ALG VRVDR-44914 Critical RPC ALG crash on both members of HA pair
Bonding VRVDR-45343 Minor 802.3ad bond reports itself as half-duplex
Config Sync VRVDR-45466 Minor IPv6 address not abbreviated when config is loaded via PXE boot causing config-sync issues
Dataplane VRVDR-44406 Critical Dataplane performance impacted by ICMP redirects sent in improper scenario
Flow Accouting VRVDR-44076 Major Memory leak in flow-monitoring leading to dataplane seg-fault and outage
IPsec VRVDR-44657 Major IKEv1 re-key collision causes VTI interface to stay down when tunnels are up
IPv6 VRVDR-44517 Minor Dataplane crashes with panic in rte_ipv6_fragment_packet
Kernel VRVDR-44560 Major Multiple rcu_sched CPU stalls pointing to ip_gre driver
NAT VRVDR-44178 Major NAT drops minimum sized (8 bytes of trigger payload) ICMP error packets
NAT VRVDR-44985 Minor DNAT and input firewall logging/order of operation
OSPF VRVDR-44803 Minor OSPF duplicate router-id log messages
RIB VRVDR-44941 Minor Static route missing in kernel due to brief VTI interface flap

Known issues

The known issues in this release have been identified.

Table 3. Known issues
Component Issue number Priority Summary
REST API VRVDR-45807 Critical REST API & user isolation: op command "spawn" outside the sandbox
Dataplane VRVDR-45565 Minor Output H/W queue drops incrementing after upgrading from 5400 to 5600 1801u
VRRP VRVDR-45187 Minor Customer has multiple Vyattas on 1801r and they are all showing a six hour offset when it comes to VRRP last transition time