Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Page Sections


The defects that have been resolved in this release are detailed in this section.

Security vulnerabilities

Security issues have been resolved in this release.

[DSA 4497-1] linux security update (VRVDR-47897)CVE-2015-8553, CVE-2018-5995, CVE-2018-20836, CVE-2018-20856, CVE-2019-1125, CVE-2019-3882, CVE-2019-3900, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284
Debian DSA-4506-1 : qemu - security update (VRVDR-48074)CVE-2018-20815, CVE-2019-13164, CVE-2019-14378
[DSA 4511-1] nghttp2 security update (VRVDR-48132)CVE-2019-9511, CVE-2019-9513
[DSA 4512-1] qemu security update (VRVDR-48133)CVE-2019-13164, CVE-2019-14378
Debian DSA-4530-1 : expat - security update (VRVDR-48389)CVE-2019-15903
Debian DSA-4531-1 : linux - security update (VRVDR-48412)CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902
Debian DSA-4535-1 : e2fsprogs - security update (VRVDR-48446)CVE-2019-5094
Debian DSA-4539-1 : openssl - security update (VRVDR-48502)CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
Debian DSA-4543-1 : sudo - security update (VRVDR-48652)CVE-2019-14287
[DSA 4544-1] unbound security update (VRVDR-48691)CVE-2019-16866
Debian DSA-4547-1 : tcpdump - security update (VRVDR-48691)CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166
Debian DSA-4550-1 : file - security update (VRVDR-48841)CVE-2019-18218
DPDK leaking resources (VRVDR-49058)CVE-2019-14818
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials (VRVDR-49155)CVE-2018-5265

Resolved issues

Customer issues have been resolved in this release.

Component Key Summary
Dataplane VRVDR-46417 Dataplane is sending GRE packets sourced from non-exist VRRP VIP when router is BACKUP
NAT VRVDR-47596 NAT used count is showing count larger than total available (Cosmetic issue)
OSPF VRVDR-48415 OSPF flap to INIT state when changing (add or delete) network statements in OSPF
IPsec VRVDR-48585 ICMP Unreachable not returned when decrypted IPsec packet is too large to pass tunnel interface MTU
NAT VRVDR-48710 NAT Documentation
Firewall VRVDR-48717 Resources group address-group address-range entries do not work together with address entries
Documentation VRVDR-48879 Documentation - Basic_Routing_Configuration_5600 17.2.0 incorrect diagram
Logging VRVDR-48992 syslog generates message Child xxxxx has terminated, reaped by main-loop at wrong priority
IPsec VRVDR-49060 RA VPN: no ESP traffic from Hub to Spoke
Logging VRVDR-49137 Syslog rate-limit not respected for above 65000 messages per interval

Known issues

The known issues in this release have been identified.

Component Key Summary
Bonding VRVDR-49273 CPE traffic inbound to Vyatta based VPN servers suddenly drop to a flat 500Mbps throughput
Bridging VRVDR-49427

Bridge commit failure when changing both max-age and forwarding-delay

The order in which the bridge spanning-tree max-age and forwarding-delay attributes are configured is important. The overall relationship must be such that 2*(forwarding-delay-1) >= max-age (which is enforced by the  YANG definition). However care must be taken to ensure that the relationship is maintained as each individual value is updated.

For example if forwarding-delay is currently 15 and max-age is 20 (the default values) and both attributes need to be set to 10, then set max- age first (2*(15-1) >= 10), followed by forwarding-delay (2*(10-1) >= 10). Making the changes in the reverse order results in an internal error and a failure to update the bridge values (2*(10-1) < 20).