Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections


The defects that have been resolved in this release are detailed in this section.

Security vulnerabilities

Security issues have been resolved in this release.

CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085Debian DSA-4060-1 : wireshark - security update (VRVDR-39734)
CVE-2017-8816, CVE-2017-8817DSA-4051-1 curl -- security update (VRVDR-39552)
CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046DSA-4050-1 xen -- security update (VRVDR-39551)
CVE-2017-10672DSA-4042-1 libxml-libxml-perl -- security update (VRVDR-39363)
CVE-2017-0898, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033DSA-4031-1 ruby2.3 -- security update (VRVDR-39313)
CVE-2017-3735, CVE-2017-3736DSA-4018-1 openssl - security update (VRVDR-39248)
CVE-2017-16227DSA-4011-1 quagga -- security update (VRVDR-39206)
CVE-2017-1000257Debian DSA-4007-1 : curl - security update (VRVDR-39182)
CVE-2017-1000256DSA-4003-1 libvirt -- security update (VRVDR-39125)
CVE-2017-7805Debian DSA-3998-1 : nss - security update (VRVDR-38972)
CVE-2017-1000100, CVE-2017-1000101,CVE-2017-1000254Debian DSA-3992-1 : curl - security update (VRVDR-38890)
CVE-2017-9375, CVE-2017-12809, CVE-2017-13672, CVE-2017-13711, CVE-2017-14167DSA-3991-1 qemu -- security update (VRVDR-38841)
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496DSA-3989-1 dnsmasq -- security update (VRVDR-38819)
CVE-2017-14062DSA-3988-1 libidn2-0 -- security update (VRVDR-38806)
CVE-2017-7518, CVE-2017-7558, CVE-2017-10661, CVE-2017-11600, CVE-2017-12134, CVE-2017-12146, CVE-2017-12153, CVE-2017-12154, CVE-2017-14106, CVE-2017-14140, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14497, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-1000251, CVE-2017-1000252, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-1000380DSA-3981-1 linux -- security update (VRVDR-38517)
CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725DSA-3971-1 tcpdump security update (VRVDR-38266)
CVE-2017-14482Debian DSA-3970-1 emacs24 - security update (VRVDR-38265)
CVE-2015-9096, CVE-2016-7798, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-14064Debian DSA-3966-1 : ruby2.3 - security update (VRVDR-38172)
CVE-2017-1000249Debian DSA-3965-1 : file - security update (VRVDR-38171)
CVE-2017-11185DSA-3962-1 strongswan security update (VRVDR-38153)
CVE-2017-0379Debian DSA-3959-1 : libgcrypt20 - security update (VRVDR-38114)
CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050Debian DSA-3952-1 : libxml2 - security update (VRVDR-38061)
CVE-2014-9940, CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-7889, CVE-2017-9605, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000363, CVE-2017-1000365Debian DSA-3945-1 linux security update (VRVDR-38027)
CVE-2013-5211Network Time Protocol (NTP) Mode 6 Scanner (VRVDR-37993)
CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-9605, CVE-2017-10810, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000365DSA-3927-1 linux security update (VRVDR-37959)
CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524, CVE-2017-10664, CVE-2017-10911DSA-3920-1 qemu security update (VRVDR-37889)
CVE-2017-3142, CVE-2017-3143Debian DSA-3904-1 : bind9 - security update (VRVDR-37772)
CVE-2017-7526Debian DSA-3901-1 : libgcrypt20 - security update (VRVDR-37751)
CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521Debian DSA-3900-1 : openvpn - security update (VRVDR-37707)
CVE-2016-9063, CVE-2017-9233Debian DSA-3898-1 expat - security update (VRVDR-37694)
CVE-2017-1000376libffi security update (VRVDR-37647)
CVE-2017-1000366DSA-3887-1glibc security update (VRVDR-37644)
CVE-2016-10324, CVE-2016-10325, CVE-2016-10326, CVE-2017-7853Debian DSA-3879-1 : libosip2 - security update (VRVDR-37625)
CVE-2017-9526libgcrypt20 security update (VRVDR-37615)
CVE-2008-5161A vulnerability exists in SSH messages that employ CBC mode (VRVDR-33124)
CVE-2016-3739The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c (VRVDR-28781)
CVE-2014-9761Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) (VRVDR-28636)
CVE-2017-16548, CVE-2017-17433, CVE-2017-17434DSA-4068-1 rsync -- security update (VRVDR-39820)
CVE-2017-16536, CVE-2017-1000405linux security update (VRVDR-39830)

Resolved issues

Customer issues have been resolved in this release.

Component Priority Key Summary
Interfaces Major VRVDR-39507 some vLAN configuration operations fail leaving interface non-operational
OpenVPN Major VRVDR-39177 OpenVPN server domain-name option not being applied with --push dhcp-option
System Major VRVDR-39165 Why does cloud-init take so long to boot and is throwing errors?
Firewall Minor VRVDR-38960 Cannot assign loop-back interface to a transit zone. It is part of local-zone. error when lo interface is added to a firewall zone
BGP Major VRVDR-38913 iBGP updates sent sooner than MRAI for same route w/ ebgp-multihop 1 configured on ebgp peer
Interfaces Minor VRVDR-38506 VLAN subinterface counters are incorrect if QOS shaper is applied
OpenVPN Major VRVDR-38196 OpenVPN server doesn't push routes to the client
BGP Major VRVDR-38162 Please explain relationship of un-reachability-half-life parameter to BGP Dampening Penalty and Suppression Algorithm
System Major VRVDR-38150 set system ip arp does not give any options /  what is the purpose of this command?
BGP Major VRVDR-38148 Displayed reuse time can become greater than max-suppress-time if dampened route is in history but not in RIB.
RIP Major VRVDR-38137 RIP Network Admin Distance command does not  work
DHCP Minor VRVDR-38083 syntax warning when deleting a dhcp lease from database
IPsec/VPN Minor VRVDR-38075 When restart vpn is issued from responder, initiator does not re-establish connection
Operational Infrastructure Minor VRVDR-37958 The show login and show login level commands reports Admin as Superuser
BGP Minor VRVDR-37906 BGP updates are observed sooner than the MinRouteAdvertisementIntervalTimer configured through advertisement-interval
SNMP Minor VRVDR-37829 SNMP port number is not changing from default 161
GUI Minor VRVDR-37819 ping process keeps running in background if started from Web GUI
IPsec/VPN Blocker VRVDR-37741 IKE cannot complete initialization when interesting traffic is UDP
VRRP Minor VRVDR-37730 vRouter 5.2R4 is not responding to KEEPALIVED-MIB query after reboot
Entitlement Minor VRVDR-37717 Rename hard-enf (build B) Description and License fields in version output
OSPF Minor VRVDR-37706 show ip OSPF neighbor summary command is unreadable
IPv6 Critical VRVDR-37696 IPv6 basic connectivity with vLAN tagging not working
DPDK Major VRVDR-37689 High rate of NIC PF interrupts
System Minor VRVDR-37617 After NTP configuration commit a message VMware-toolbox-cmd is returned When config NTP after commit - message vmware-toolbox-cmd message is returned
Firewall Minor VRVDR-37315 Used field becomes negative in show session-table statistics
DPDK Major VRVDR-37052 Intel i210 NIC reports no-carrier
RA_VPN Major VRVDR-36378 Client behind NAT is unable to connect to L2TP server
GRE Major VRVDR-13641 adding a gre tunnel to a bridge-group causes commit to fail without error message

Known issues

The known issues in this release have been identified.

Component Key Summary
TACACS VRVDR-15866 TACACS Authentication/Authorization and Accounting out of sync after TACACS servers went offline/online and TACACS user exits session.
Bonding VRVDR-39750 The 'show interface dataplane <bond-vif>' CLI shows interface statistics but is not a tab completion option under 'show interface dataplane'
Firewall VRVDR-39772 The 'show log' and 'show log firewall name <FW-RULE>' command no longer displays firewall logs
Firewall VRVDR-38978 ZBF doesn't allow stateful tracking for locally sourced traffic
QinQ VRVDR-39860 Commit doesn't complete and Rollback doesn't complete properly
GRE VRVDR-39863 VRRP fails over when customer removes routing-instance with GRE associated and tunnel local-address is part of VRRP
GRE VRVDR-39985TCP DF Packets larger than GRE tunnel MTU are dropped with no ICMP fragmentation needed returned
Firewall VRVDR-39991 Stateful firewall drops packets between 2 subnets on the same interface
NAT VRVDR-40210 Traceroute does not work when SNAT is enabled on vNAT
NAT VRVDR-40211 delete session-table source <IP-address:port> and delete session-table destination <IP-address:port> do not work