Defects
MIB data has been updated in this release.
Security vulnerabilities
Security issues have been resolved in this release.
Key | Summary |
---|---|
CVE-2017-11408, CVE-2017-13766, CVE-2017-17083, CVE-2017-17084, CVE-2017-17085 | Debian DSA-4060-1 : wireshark - security update (VRVDR-39734) |
CVE-2017-8816, CVE-2017-8817 | DSA-4051-1 curl -- security update (VRVDR-39552) |
CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046 | DSA-4050-1 xen -- security update (VRVDR-39551) |
CVE-2017-10672 | DSA-4042-1 libxml-libxml-perl -- security update (VRVDR-39363) |
CVE-2017-0898, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033 | DSA-4031-1 ruby2.3 -- security update (VRVDR-39313) |
CVE-2017-3735, CVE-2017-3736 | DSA-4018-1 openssl - security update (VRVDR-39248) |
CVE-2017-16227 | DSA-4011-1 quagga -- security update (VRVDR-39206) |
CVE-2017-1000257 | Debian DSA-4007-1 : curl - security update (VRVDR-39182) |
CVE-2017-1000256 | DSA-4003-1 libvirt -- security update (VRVDR-39125) |
CVE-2017-7805 | Debian DSA-3998-1 : nss - security update (VRVDR-38972) |
CVE-2017-1000100, CVE-2017-1000101,CVE-2017-1000254 | Debian DSA-3992-1 : curl - security update (VRVDR-38890) |
CVE-2017-9375, CVE-2017-12809, CVE-2017-13672, CVE-2017-13711, CVE-2017-14167 | DSA-3991-1 qemu -- security update (VRVDR-38841) |
CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 | DSA-3989-1 dnsmasq -- security update (VRVDR-38819) |
CVE-2017-14062 | DSA-3988-1 libidn2-0 -- security update (VRVDR-38806) |
CVE-2017-7518, CVE-2017-7558, CVE-2017-10661, CVE-2017-11600, CVE-2017-12134, CVE-2017-12146, CVE-2017-12153, CVE-2017-12154, CVE-2017-14106, CVE-2017-14140, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14497, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-1000251, CVE-2017-1000252, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-1000380 | DSA-3981-1 linux -- security update (VRVDR-38517) |
CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725 | DSA-3971-1 tcpdump security update (VRVDR-38266) |
CVE-2017-14482 | Debian DSA-3970-1 emacs24 - security update (VRVDR-38265) |
CVE-2015-9096, CVE-2016-7798, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-14064 | Debian DSA-3966-1 : ruby2.3 - security update (VRVDR-38172) |
CVE-2017-1000249 | Debian DSA-3965-1 : file - security update (VRVDR-38171) |
CVE-2017-11185 | DSA-3962-1 strongswan security update (VRVDR-38153) |
CVE-2017-0379 | Debian DSA-3959-1 : libgcrypt20 - security update (VRVDR-38114) |
CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050 | Debian DSA-3952-1 : libxml2 - security update (VRVDR-38061) |
CVE-2014-9940, CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-7889, CVE-2017-9605, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000363, CVE-2017-1000365 | Debian DSA-3945-1 linux security update (VRVDR-38027) |
CVE-2013-5211 | Network Time Protocol (NTP) Mode 6 Scanner (VRVDR-37993) |
CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-9605, CVE-2017-10810, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000365 | DSA-3927-1 linux security update (VRVDR-37959) |
CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524, CVE-2017-10664, CVE-2017-10911 | DSA-3920-1 qemu security update (VRVDR-37889) |
CVE-2017-3142, CVE-2017-3143 | Debian DSA-3904-1 : bind9 - security update (VRVDR-37772) |
CVE-2017-7526 | Debian DSA-3901-1 : libgcrypt20 - security update (VRVDR-37751) |
CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521 | Debian DSA-3900-1 : openvpn - security update (VRVDR-37707) |
CVE-2016-9063, CVE-2017-9233 | Debian DSA-3898-1 expat - security update (VRVDR-37694) |
CVE-2017-1000376 | libffi security update (VRVDR-37647) |
CVE-2017-1000366 | DSA-3887-1glibc security update (VRVDR-37644) |
CVE-2016-10324, CVE-2016-10325, CVE-2016-10326, CVE-2017-7853 | Debian DSA-3879-1 : libosip2 - security update (VRVDR-37625) |
CVE-2017-9526 | libgcrypt20 security update (VRVDR-37615) |
CVE-2008-5161 | A vulnerability exists in SSH messages that employ CBC mode (VRVDR-33124) |
CVE-2016-3739 | The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c (VRVDR-28781) |
CVE-2014-9761 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) (VRVDR-28636) |
CVE-2017-16548, CVE-2017-17433, CVE-2017-17434 | DSA-4068-1 rsync -- security update (VRVDR-39820) |
CVE-2017-16536, CVE-2017-1000405 | linux security update (VRVDR-39830) |
Resolved issues
Customer issues have been resolved in this release.
Component | Priority | Key | Summary |
---|---|---|---|
Interfaces | Major | VRVDR-39507 | some vLAN configuration operations fail leaving interface non-operational |
OpenVPN | Major | VRVDR-39177 | OpenVPN server domain-name option not being applied with --push dhcp-option |
System | Major | VRVDR-39165 | Why does cloud-init take so long to boot and is throwing errors? |
Firewall | Minor | VRVDR-38960 | Cannot assign loop-back interface to a transit zone. It is part of local-zone. error when lo interface is added to a firewall zone |
BGP | Major | VRVDR-38913 | iBGP updates sent sooner than MRAI for same route w/ ebgp-multihop 1 configured on ebgp peer |
Interfaces | Minor | VRVDR-38506 | VLAN subinterface counters are incorrect if QOS shaper is applied |
OpenVPN | Major | VRVDR-38196 | OpenVPN server doesn't push routes to the client |
BGP | Major | VRVDR-38162 | Please explain relationship of un-reachability-half-life parameter to BGP Dampening Penalty and Suppression Algorithm |
System | Major | VRVDR-38150 | set system ip arp does not give any options / what is the purpose of this command? |
BGP | Major | VRVDR-38148 | Displayed reuse time can become greater than max-suppress-time if dampened route is in history but not in RIB. |
RIP | Major | VRVDR-38137 | RIP Network Admin Distance command does not work |
DHCP | Minor | VRVDR-38083 | syntax warning when deleting a dhcp lease from database |
IPsec/VPN | Minor | VRVDR-38075 | When restart vpn is issued from responder, initiator does not re-establish connection |
Operational Infrastructure | Minor | VRVDR-37958 | The show login and show login level commands reports Admin as Superuser |
BGP | Minor | VRVDR-37906 | BGP updates are observed sooner than the MinRouteAdvertisementIntervalTimer configured through advertisement-interval |
SNMP | Minor | VRVDR-37829 | SNMP port number is not changing from default 161 |
GUI | Minor | VRVDR-37819 | ping process keeps running in background if started from Web GUI |
IPsec/VPN | Blocker | VRVDR-37741 | IKE cannot complete initialization when interesting traffic is UDP |
VRRP | Minor | VRVDR-37730 | vRouter 5.2R4 is not responding to KEEPALIVED-MIB query after reboot |
Entitlement | Minor | VRVDR-37717 | Rename hard-enf (build B) Description and License fields in version output |
OSPF | Minor | VRVDR-37706 | show ip OSPF neighbor summary command is unreadable |
IPv6 | Critical | VRVDR-37696 | IPv6 basic connectivity with vLAN tagging not working |
DPDK | Major | VRVDR-37689 | High rate of NIC PF interrupts |
System | Minor | VRVDR-37617 | After NTP configuration commit a message VMware-toolbox-cmd is returned When config NTP after commit - message vmware-toolbox-cmd message is returned |
Firewall | Minor | VRVDR-37315 | Used field becomes negative in show session-table statistics |
DPDK | Major | VRVDR-37052 | Intel i210 NIC reports no-carrier |
RA_VPN | Major | VRVDR-36378 | Client behind NAT is unable to connect to L2TP server |
GRE | Major | VRVDR-13641 | adding a gre tunnel to a bridge-group causes commit to fail without error message |
Known issues
The known issues in this release have been identified.
Component | Key | Summary |
---|---|---|
TACACS | VRVDR-15866 | TACACS Authentication/Authorization and Accounting out of sync after TACACS servers went offline/online and TACACS user exits session. |
Bonding | VRVDR-39750 | The 'show interface dataplane <bond-vif>' CLI shows interface statistics but is not a tab completion option under 'show interface dataplane' |
Firewall | VRVDR-39772 | The 'show log' and 'show log firewall name <FW-RULE>' command no longer displays firewall logs |
Firewall | VRVDR-38978 | ZBF doesn't allow stateful tracking for locally sourced traffic |
QinQ | VRVDR-39860 | Commit doesn't complete and Rollback doesn't complete properly |
GRE | VRVDR-39863 | VRRP fails over when customer removes routing-instance with GRE associated and tunnel local-address is part of VRRP |
GRE | VRVDR-39985 | TCP DF Packets larger than GRE tunnel MTU are dropped with no ICMP fragmentation needed returned |
Firewall | VRVDR-39991 | Stateful firewall drops packets between 2 subnets on the same interface |
NAT | VRVDR-40210 | Traceroute does not work when SNAT is enabled on vNAT |
NAT | VRVDR-40211 | delete session-table source <IP-address:port> and delete session-table destination <IP-address:port> do not work |