Defects
The defects that have been resolved in this release are detailed in this section.
Resolved security vulnerabilities
Security issues have been resolved in this release.
| Key | Summary |
|---|---|
| Debian DSA-4752-1 : bind9 - security update | CVE-2020-8619, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624 |
| Debian DLA-2340-1 : sqlite3 security update | CVE-2018-20346, CVE-2018-20506, CVE-2018-8740, CVE-2019-16168, CVE-2019-20218, CVE-2019-5827, CVE-2019-9936, CVE-2019-9937, CVE-2020-11655, CVE-2020-13434, CVE-2020-13630, CVE-2020-13632, CVE-2020-13871 |
| Debian DLA-2323-1 : linux-5.4 new package | CVE-2019-18814, CVE-2019-18885, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12655, CVE-2020-12771, CVE-2020-13974, CVE-2020-15393 |
| [DSA 4746-1] net-snmp security update | - |
| Debian DLA-2303-1 : libssh security update | CVE-2020-16135 |
| Debian DLA-2301-1 : json-c security update | CVE-2020-12762 |
| Debian DLA-2290-1 : e2fsprogs security update | CVE-2019-5188 |
| Debian DLA-2295-1 : curl security update | CVE-2020-8177 |
| Debian DSA-4735-1 : grub2 - security update | CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707 |
| [DSA 4733-1] qemu security update | - |
| Debian DLA-2280-1 : python3.7 security update | CVE-2019-18348 CVE-2020-8492 CVE-2020-14422 |
| [DSA 4728-1] qemu security update | - |
| [DSA 4723-1] xen security update | - |
| Insecure temporary file usage in keepalived | CVE-2018-19044 / CVE-2018-19045 / CVE-2018-19046 |
| Debian DSA-4685-1 : apt - security update | CVE-2020-3810 |
Resolved issues
Customer issues have been resolved in this release.
| Component | Key | Summary |
|---|---|---|
| Firewall | VRVDR-2668 | Configuration fails to load after upgrade from 1801ze to 1912e when firewall rule with port range 0-65535 statement is present |
| GRE | VRVDR-52221 | Disabled PMTUD on GRE tunnel causes outer packet to inherit inner packet TTL value |
| IPSec | VRVDR-51643 | SNMP Trap not receiving when CHILD_SA deleting |
| IPSec | VRVDR-51543 | with multiple peers using the same local-address, no authentication ids, and unique pre-shared-keys IKEv1 based IPsec stuck in 'init' for all but one peer |
| Logging | VRVDR-51008 | When the /var/log partition exists journal files from previous installs are retained but not rotated |
| VRRP | VRVDR-50956 | VRRP goes into fault state after reboot |
| Bonding | VRVDR-50775 | dataplane "PANIC in bond_mode_8023ad_ext_periodic_cb" w/ locally sourced and terminated GRE traffic |
Known issues
The known issues in this release have been identified.
| Component | Key | Summary |
|---|---|---|
| Firewall | VRVDR-52335 | L3ACL:egress:BCM Failed to install ACLs with 3 or more matching fields |
| Dataplane | VRVDR-52148 | MAC Limiting - some special multicast macs are sw switch & not limited. |
Dataplane Firewall | VRVDR-52404 | ICMP error returned with corrupted inner header causes seg-fault when passed through a FW/NAT44/PBR rule with logging enabled |
| Bonding | VRVDR-50429 | Missed LACPDU on i40e causing LACP on bonded interface to randomly fail |
| GUI | VRVDR-52546 | GUI hangs/loading and finally timeout with an error message on browser |