Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Page Sections

Defects

The defects that have been resolved in this release are detailed in this section.

Resolved security vulnerabilities

Security issues have been resolved in this release.

Key Summary
Debian DSA-4752-1 : bind9 - security update CVE-2020-8619, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
Debian DLA-2340-1 : sqlite3 security updateCVE-2018-20346, CVE-2018-20506, CVE-2018-8740, CVE-2019-16168, CVE-2019-20218, CVE-2019-5827, CVE-2019-9936, CVE-2019-9937, CVE-2020-11655, CVE-2020-13434, CVE-2020-13630, CVE-2020-13632, CVE-2020-13871
Debian DLA-2323-1 : linux-5.4 new packageCVE-2019-18814, CVE-2019-18885, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12655, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393
[DSA 4746-1] net-snmp security update-
Debian DLA-2303-1 : libssh security updateCVE-2020-16135
Debian DLA-2301-1 : json-c security updateCVE-2020-12762
Debian DLA-2290-1 : e2fsprogs security updateCVE-2019-5188
Debian DLA-2295-1 : curl security updateCVE-2020-8177
Debian DSA-4735-1 : grub2 - security updateCVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707
[DSA 4733-1] qemu security update-
Debian DLA-2280-1 : python3.7 security updateCVE-2019-18348 CVE-2020-8492 CVE-2020-14422
[DSA 4728-1] qemu security update-
[DSA 4723-1] xen security update-
Insecure temporary file usage in keepalivedCVE-2018-19044 / CVE-2018-19045 / CVE-2018-19046
Debian DSA-4685-1 : apt - security updateCVE-2020-3810

Resolved issues

Customer issues have been resolved in this release.

Component Key Summary
Firewall VRVDR-2668 Configuration fails to load after upgrade from 1801ze to 1912e when firewall rule with port range 0-65535 statement is present
GRE VRVDR-52221 Disabled PMTUD on GRE tunnel causes outer packet to inherit inner packet TTL value
IPSec VRVDR-51643 SNMP Trap not receiving when CHILD_SA deleting
IPSec VRVDR-51543 with multiple peers using the same local-address, no authentication ids, and unique pre-shared-keys IKEv1 based IPsec stuck in 'init' for all but one peer
Logging VRVDR-51008 When the /var/log partition exists journal files from previous installs are retained but not rotated
VRRP VRVDR-50956 VRRP goes into fault state after reboot
Bonding VRVDR-50775 dataplane "PANIC in bond_mode_8023ad_ext_periodic_cb" w/ locally sourced and terminated GRE traffic

Known issues

The known issues in this release have been identified.

Component Key Summary
Firewall VRVDR-52335 L3ACL:egress:BCM Failed to install ACLs with 3 or more matching fields
Dataplane VRVDR-52148 MAC Limiting - some special multicast macs are sw switch & not limited.

Dataplane

Firewall

VRVDR-52404 ICMP error returned with corrupted inner header causes seg-fault when passed through a FW/NAT44/PBR rule with logging enabled
Bonding VRVDR-50429 Missed LACPDU on i40e causing LACP on bonded interface to randomly fail
GUI VRVDR-52546 GUI hangs/loading and finally timeout with an error message on browser