Release notes

Getting started Overview Architecture Supported platforms Release notes White papers

Getting started Overview Architecture Supported platforms Release notes White papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Release notes

Release notes On this page:

Release notes

VNOS release notes 2308

VNOS release notes 2208

VNOS release notes 2204

VNOS release notes 2110

VNOS release notes 2105

VNOS release notes 2012

VNOS release notes 2009

VNOS release notes 2005

VNOS release notes 1912

VNOS release notes 1908

VNOS release notes 1903

VNOS release notes 1811

VNOS release notes 1808

VNOS release notes 1805

VNOS release notes 1801

Defects

Defects

MIB data has been updated in this release.

Security vulnerabilities

Security issues have been resolved in this release.


Key	Summary
CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085	Debian DSA-4060-1 : wireshark - security update (VRVDR-39734)
CVE-2017-8816, CVE-2017-8817	DSA-4051-1 curl -- security update (VRVDR-39552)
CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046	DSA-4050-1 xen -- security update (VRVDR-39551)
CVE-2017-10672	DSA-4042-1 libxml-libxml-perl -- security update (VRVDR-39363)
CVE-2017-0898, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033	DSA-4031-1 ruby2.3 -- security update (VRVDR-39313)
CVE-2017-3735, CVE-2017-3736	DSA-4018-1 openssl - security update (VRVDR-39248)
CVE-2017-16227	DSA-4011-1 quagga -- security update (VRVDR-39206)
CVE-2017-1000257	Debian DSA-4007-1 : curl - security update (VRVDR-39182)
CVE-2017-1000256	DSA-4003-1 libvirt -- security update (VRVDR-39125)
CVE-2017-7805	Debian DSA-3998-1 : nss - security update (VRVDR-38972)
CVE-2017-1000100, CVE-2017-1000101,CVE-2017-1000254	Debian DSA-3992-1 : curl - security update (VRVDR-38890)
CVE-2017-9375, CVE-2017-12809, CVE-2017-13672, CVE-2017-13711, CVE-2017-14167	DSA-3991-1 qemu -- security update (VRVDR-38841)
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496	DSA-3989-1 dnsmasq -- security update (VRVDR-38819)
CVE-2017-14062	DSA-3988-1 libidn2-0 -- security update (VRVDR-38806)
CVE-2017-7518, CVE-2017-7558, CVE-2017-10661, CVE-2017-11600, CVE-2017-12134, CVE-2017-12146, CVE-2017-12153, CVE-2017-12154, CVE-2017-14106, CVE-2017-14140, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14497, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-1000251, CVE-2017-1000252, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-1000380	DSA-3981-1 linux -- security update (VRVDR-38517)
CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725	DSA-3971-1 tcpdump security update (VRVDR-38266)
CVE-2017-14482	Debian DSA-3970-1 emacs24 - security update (VRVDR-38265)
CVE-2015-9096, CVE-2016-7798, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-14064	Debian DSA-3966-1 : ruby2.3 - security update (VRVDR-38172)
CVE-2017-1000249	Debian DSA-3965-1 : file - security update (VRVDR-38171)
CVE-2017-11185	DSA-3962-1 strongswan security update (VRVDR-38153)
CVE-2017-0379	Debian DSA-3959-1 : libgcrypt20 - security update (VRVDR-38114)
CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050	Debian DSA-3952-1 : libxml2 - security update (VRVDR-38061)
CVE-2014-9940, CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-7889, CVE-2017-9605, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000363, CVE-2017-1000365	Debian DSA-3945-1 linux security update (VRVDR-38027)
CVE-2013-5211	Network Time Protocol (NTP) Mode 6 Scanner (VRVDR-37993)
CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-9605, CVE-2017-10810, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000365	DSA-3927-1 linux security update (VRVDR-37959)
CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524, CVE-2017-10664, CVE-2017-10911	DSA-3920-1 qemu security update (VRVDR-37889)
CVE-2017-3142, CVE-2017-3143	Debian DSA-3904-1 : bind9 - security update (VRVDR-37772)
CVE-2017-7526	Debian DSA-3901-1 : libgcrypt20 - security update (VRVDR-37751)
CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521	Debian DSA-3900-1 : openvpn - security update (VRVDR-37707)
CVE-2016-9063, CVE-2017-9233	Debian DSA-3898-1 expat - security update (VRVDR-37694)
CVE-2017-1000376	libffi security update (VRVDR-37647)
CVE-2017-1000366	DSA-3887-1glibc security update (VRVDR-37644)
CVE-2016-10324, CVE-2016-10325, CVE-2016-10326, CVE-2017-7853	Debian DSA-3879-1 : libosip2 - security update (VRVDR-37625)
CVE-2017-9526	libgcrypt20 security update (VRVDR-37615)
CVE-2008-5161	A vulnerability exists in SSH messages that employ CBC mode (VRVDR-33124)
CVE-2016-3739	The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c (VRVDR-28781)
CVE-2014-9761	Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) (VRVDR-28636)
CVE-2017-16548, CVE-2017-17433, CVE-2017-17434	DSA-4068-1 rsync -- security update (VRVDR-39820)
CVE-2017-16536, CVE-2017-1000405	linux security update (VRVDR-39830)

Resolved issues

Customer issues have been resolved in this release.


Component	Priority	Key	Summary
Interfaces	Major	VRVDR-39507	some vLAN configuration operations fail leaving interface non-operational
OpenVPN	Major	VRVDR-39177	OpenVPN server domain-name option not being applied with --push dhcp-option
System	Major	VRVDR-39165	Why does cloud-init take so long to boot and is throwing errors?
Firewall	Minor	VRVDR-38960	Cannot assign loop-back interface to a transit zone. It is part of local-zone. error when lo interface is added to a firewall zone
BGP	Major	VRVDR-38913	iBGP updates sent sooner than MRAI for same route w/ ebgp-multihop 1 configured on ebgp peer
Interfaces	Minor	VRVDR-38506	VLAN subinterface counters are incorrect if QOS shaper is applied
OpenVPN	Major	VRVDR-38196	OpenVPN server doesn't push routes to the client
BGP	Major	VRVDR-38162	Please explain relationship of un-reachability-half-life parameter to BGP Dampening Penalty and Suppression Algorithm
System	Major	VRVDR-38150	set system ip arp does not give any options / what is the purpose of this command?
BGP	Major	VRVDR-38148	Displayed reuse time can become greater than max-suppress-time if dampened route is in history but not in RIB.
RIP	Major	VRVDR-38137	RIP Network Admin Distance command does not work
DHCP	Minor	VRVDR-38083	syntax warning when deleting a dhcp lease from database
IPsec/VPN	Minor	VRVDR-38075	When restart vpn is issued from responder, initiator does not re-establish connection
Operational Infrastructure	Minor	VRVDR-37958	The show login and show login level commands reports Admin as Superuser
BGP	Minor	VRVDR-37906	BGP updates are observed sooner than the MinRouteAdvertisementIntervalTimer configured through advertisement-interval
SNMP	Minor	VRVDR-37829	SNMP port number is not changing from default 161
GUI	Minor	VRVDR-37819	ping process keeps running in background if started from Web GUI
IPsec/VPN	Blocker	VRVDR-37741	IKE cannot complete initialization when interesting traffic is UDP
VRRP	Minor	VRVDR-37730	vRouter 5.2R4 is not responding to KEEPALIVED-MIB query after reboot
Entitlement	Minor	VRVDR-37717	Rename hard-enf (build B) Description and License fields in version output
OSPF	Minor	VRVDR-37706	show ip OSPF neighbor summary command is unreadable
IPv6	Critical	VRVDR-37696	IPv6 basic connectivity with vLAN tagging not working
DPDK	Major	VRVDR-37689	High rate of NIC PF interrupts
System	Minor	VRVDR-37617	After NTP configuration commit a message VMware-toolbox-cmd is returned When config NTP after commit - message vmware-toolbox-cmd message is returned
Firewall	Minor	VRVDR-37315	Used field becomes negative in show session-table statistics
DPDK	Major	VRVDR-37052	Intel i210 NIC reports no-carrier
RA_VPN	Major	VRVDR-36378	Client behind NAT is unable to connect to L2TP server
GRE	Major	VRVDR-13641	adding a gre tunnel to a bridge-group causes commit to fail without error message

Known issues

The known issues in this release have been identified.


Component	Key	Summary
TACACS	VRVDR-15866	TACACS Authentication/Authorization and Accounting out of sync after TACACS servers went offline/online and TACACS user exits session.
Bonding	VRVDR-39750	The 'show interface dataplane <bond-vif>' CLI shows interface statistics but is not a tab completion option under 'show interface dataplane'
Firewall	VRVDR-39772	The 'show log' and 'show log firewall name <FW-RULE>' command no longer displays firewall logs
Firewall	VRVDR-38978	ZBF doesn't allow stateful tracking for locally sourced traffic
QinQ	VRVDR-39860	Commit doesn't complete and Rollback doesn't complete properly
GRE	VRVDR-39863	VRRP fails over when customer removes routing-instance with GRE associated and tunnel local-address is part of VRRP
GRE	VRVDR-39985	TCP DF Packets larger than GRE tunnel MTU are dropped with no ICMP fragmentation needed returned
Firewall	VRVDR-39991	Stateful firewall drops packets between 2 subnets on the same interface
NAT	VRVDR-40210	Traceroute does not work when SNAT is enabled on vNAT
NAT	VRVDR-40211	delete session-table source <IP-address:port> and delete session-table destination <IP-address:port> do not work

On this page:

Security vulnerabilities
Resolved issues
Known issues

Last updated: October 6, 2022

Helpful Links

Key Resources

Get Started An introduction to the Ciena Vyatta NOS

The Vyatta NOS Overview Get to know more about how Vyatta NOS is the best solution

Vyatta NOS Architecture Overview An overview of the Vyatta NOS system architecture

Troubleshooting Guide Identify common issues with your configuration and network setup

Copyright © 2023 Ciena Corporation. All rights reserved