Defects
The defects that have been resolved in this release are detailed in this section.
Security vulnerabilities
Security issues have been resolved in this release.
| Key | Summary |
|---|---|
| [DSA 4497-1] linux security update (VRVDR-47897) | CVE-2015-8553, CVE-2018-5995, CVE-2018-20836, CVE-2018-20856, CVE-2019-1125, CVE-2019-3882, CVE-2019-3900, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284 |
| Debian DSA-4506-1 : qemu - security update (VRVDR-48074) | CVE-2018-20815, CVE-2019-13164, CVE-2019-14378 |
| [DSA 4511-1] nghttp2 security update (VRVDR-48132) | CVE-2019-9511, CVE-2019-9513 |
| [DSA 4512-1] qemu security update (VRVDR-48133) | CVE-2019-13164, CVE-2019-14378 |
| Debian DSA-4530-1 : expat - security update (VRVDR-48389) | CVE-2019-15903 |
| Debian DSA-4531-1 : linux - security update (VRVDR-48412) | CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902 |
| Debian DSA-4535-1 : e2fsprogs - security update (VRVDR-48446) | CVE-2019-5094 |
| Debian DSA-4539-1 : openssl - security update (VRVDR-48502) | CVE-2019-1547, CVE-2019-1549, CVE-2019-1563 |
| Debian DSA-4543-1 : sudo - security update (VRVDR-48652) | CVE-2019-14287 |
| [DSA 4544-1] unbound security update (VRVDR-48691) | CVE-2019-16866 |
| Debian DSA-4547-1 : tcpdump - security update (VRVDR-48691) | CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166 |
| Debian DSA-4550-1 : file - security update (VRVDR-48841) | CVE-2019-18218 |
| DPDK leaking resources (VRVDR-49058) | CVE-2019-14818 |
| Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials (VRVDR-49155) | CVE-2018-5265 |
Resolved issues
Customer issues have been resolved in this release.
| Component | Key | Summary |
|---|---|---|
| Dataplane | VRVDR-46417 | Dataplane is sending GRE packets sourced from non-exist VRRP VIP when router is BACKUP |
| NAT | VRVDR-47596 | NAT used count is showing count larger than total available (Cosmetic issue) |
| OSPF | VRVDR-48415 | OSPF flap to INIT state when changing (add or delete) network statements in OSPF |
| IPsec | VRVDR-48585 | ICMP Unreachable not returned when decrypted IPsec packet is too large to pass tunnel interface MTU |
| NAT | VRVDR-48710 | NAT Documentation |
| Firewall | VRVDR-48717 | Resources group address-group address-range entries do not work together with address entries |
| Documentation | VRVDR-48879 | Documentation - Basic_Routing_Configuration_5600 17.2.0 incorrect diagram |
| Logging | VRVDR-48992 | syslog generates message Child xxxxx has terminated, reaped by main-loop at wrong priority |
| IPsec | VRVDR-49060 | RA VPN: no ESP traffic from Hub to Spoke |
| Logging | VRVDR-49137 | Syslog rate-limit not respected for above 65000 messages per interval |
Known issues
The known issues in this release have been identified.
| Component | Key | Summary |
|---|---|---|
| Bonding | VRVDR-49273 | CPE traffic inbound to Vyatta based VPN servers suddenly drop to a flat 500Mbps throughput |
| Bridging | VRVDR-49427 | Bridge commit failure when changing both max-age and forwarding-delay The order in which the bridge spanning-tree max-age and forwarding-delay attributes are configured is important. The overall relationship must be such that 2*(forwarding-delay-1) >= max-age (which is enforced by the YANG definition). However care must be taken to ensure that the relationship is maintained as each individual value is updated. For example if forwarding-delay is currently 15 and max-age is 20 (the default values) and both attributes need to be set to 10, then set max- age first (2*(15-1) >= 10), followed by forwarding-delay (2*(10-1) >= 10). Making the changes in the reverse order results in an internal error and a failure to update the bridge values (2*(10-1) < 20). |