Defects
The defects that have been resolved in this release are detailed in this section.
Security vulnerabilities
Security issues have been resolved in this release.
| Key | Summary |
|---|---|
| CVE-2018-6797, CVE-2018-6798, CVE-2018-6913 | Debian DSA-4172-1 : perl - security update (VRVDR-41512) |
| CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 | Debian DSA-4136-1 : curl - security update (VRVDR-41137) |
| CVE-2018-7738 | Debian DSA-4134-1 : util-linux - security update (VRVDR-41096) |
| CVE-2018-6459 | Strongswan 5.6.x: denial-of-service vulnerability in the parser for RSASSA-PSS signatures (VRVDR-40821 ) |
| CVE-2017-10790, CVE-2018-6003 | Debian DSA-4106-1 : libtasn1-6 - security update (VRVDR-40555) |
| CVE-2018-5334, CVE-2018-5335, CVE-2018-5336 | Debian DSA-4101-1 : wireshark - security update (VRVDR-40398) |
| CVE-2018-1000005, CVE-2018-1000007 | Debian DSA-4098-1 : curl - security update (VRVDR-40327) |
| CVE-2017-3145 | Debian DSA-4089-1 : bind9 - security update (VRVDR-40087) |
| CVE-2017-5753 | Debian DSA-4187-1, DSA-4188-1: Spectre aka. variant #1: (VRVDR-39909) |
| CVE-2017-5754 | Debian DSA-4078-1 : linux - security update (Meltdown) (VRVDR-39891) |
| CVE-2018-5146 | Debian DSA 4140-1: libvorbis security update (VRVDR-41172) |
| CVE-2018-1064 CVE-2018-5748 CVE-2018-6764 | Debian DSA 4137-1: libvirt security update (VRVDR-41139) |
| CVE-2017-3144, CVE-2018-5732, CVE-2018-5733 | Debian DSA 4133-1: isc-dhcp security update (VRVDR-41041) |
| CVE-2018-7540, CVE-2018-7541, CVE-2018-7542 | Debian DSA 4131-1: xen security update (VRVDR-40991) |
| CVE-2017-14632, CVE-2017-14633 | Debian DSA 4113-1: libvorbis security update (VRVDR-40783) |
| CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566 | Debian DSA 4112-1: xen security update (VRVDR-40782) |
Resolved issues
Customer issues have been resolved in this release.
| Component | Key | Summary |
|---|---|---|
| System | VRVDR-41594 | Fails to create disk partition |
| Dataplane | VRVDR-41568 | Packet capture on dp0px only captures egress on port |
| Switch - Marvell | VRVDR-41564 | New Silicom PLCC-B devices fail to recognize the new switchports |
| Installer | VRVDR-41515 | Fresh install using install image encountered disk label error |
| Installer | VRVDR-41387 | Permissions and group ownership mismatch between LiveCD and installed image for /var/lib/libvirt/images/ |
| GRE | VRVDR-41266 | Static route leaking to VRF does not transit traffic across mGRE tunnel after reboot |
| Firewall | VRVDR-41252 | With unbound VTI in zone-policy, drop rule is bypassed depending on commit order of zone rules. |
| Interfaces | VRVDR-41225 | When configuring interface description, every white space is treated as a new line |
| BGP | VRVDR-41088 | Extended (4 byte) ASN not represented internally as unsigned type |
| Bridging | VRVDR-40988 | vhost not starting when vSRX image is used with certain number of interfaces |
| IPsec/VPN | VRVDR-40967 | disabling IPv6 forwarding prevents routing of vti sourced IPv4 packets |
| Dataplane | VRVDR-40940 | dataplane crash related to NAT/Firewall |
| ALG | VRVDR-40927 | DNAT: SDP in SIP 200 OK not translated when it follows a 183 Response |
| SNMP | VRVDR-40920 | With 127.0.0.1 as listen-address snmpd does not start |
| Firewall | VRVDR-40886 | Combining icmp name <value> with a number of other configuration for the rule will cause FW to not load |
| IPsec/VPN | VRVDR-40858 | VTI interface showing MTU 1428 causing TCP PMTU issues |
| Bridging | VRVDR-40857 | vhost-bridge does not come up for tagged vlan with interface names of a certain length. |
| IPsec/VPN | VRVDR-40644 | IKEv1: QUICK_MODE re-transmits are not handled correctly |
| Bonding | VRVDR-40497 | ARP doesn't work over bonded SR-IOV interface |
| System | VRVDR-40328 | cloud-init images takes a long time to boot |
| Installer | VRVDR-40281 | After upgrading from 5.2 to more recent version error -vbash: show: command not found in operation mode |
| NAT | VRVDR-40211 | delete session-table source <IP-address:port> and delete session-table destination <IP-address:port> do not work on 17.2.0 |
| NAT | VRVDR-40210 | NAT ICMP error handling for checksum disabled UDP is wrong |
| IPsec/VPN | VRVDR-40085 | PB-IPsec is not working when pinging between loopback interfaces on the Vyatta NOS themselves. |
| Firewall | VRVDR-39991 | Stateful firewall drops packets between 2 subnets on the same interface |
| Dataplane | VRVDR-39985 | TCP DF Packets larger than GRE tunnel MTU are dropped with no ICMP fragmentation needed returned |
| Interfaces | VRVDR-39920 | vhost interfaces for vcsr stay link down |
| Firewall | VRVDR-39865 | non-unique ICMP states for pings between windows hosts |
| GRE | VRVDR-39863 | VRRP fails over when customer removes routing-instance with GRE associated and tunnel local-address is part of VRRP |
| QinQ | VRVDR-39860 | Commit doesn't complete and Rollback doesn't complete properly |
| Firewall | VRVDR-39772 | The show log and show log firewall name <FW-RULE> command no longer displays firewall logs |
| Bonding | VRVDR-39750 | The show interface dataplane <bond-vif> CLI shows interface statistics but is not a tab completion option under show interface dataplane |
| NAT | VRVDR-39729 | dataplane crashes when NAT resource group address has /31 mask |
| DHCP | VRVDR-39529 | DHCP server failover is not synchronizing databases |
| QoS | VRVDR-39396 | QOS Shaping Granularity leads to less throughput than expected at certain packet sizes |
| Bonding | VRVDR-38801 | multi-segment packet recieved via IPSec VTI causes bond interface to go down |
| RA_VPN | VRVDR-36378 | Client behind NAT is unable to connect to L2TP server |
Known issues
The known issues in this release have been identified.
| Component | Key | Summary |
|---|---|---|
| Interfaces | VRVDR-41732 | Issuing command delete interfaces dataplane dp0p3 results in multiple errors during commit |
| Dataplane | VRVDR-41664 | dataplane drops MTU sized ESP packets |
| Dataplane | VRVDR-41588 | vhost is dropping packets and showing Errors |
| System | VRVDR-41577 | Can't determine if commit was successful or not???? |
| Dataplane | VRVDR-41569 | Can't get vhost1 interface to work with vSRX |
| Interfaces | VRVDR-41558 | The reported timestamps in packet traces are not consistent with the actual time and system clock |
| IPsec/VPN | VRVDR-41233 | Show VPN commands do not work (just hangs). |
| OpenStack | VRVDR-41213 | No external connectivity deploying a new Vyatta 17.2 on KVM/Mirantis Openstack using SRIOV |
| OpenVPN | VRVDR-40614 | OpenVPN interface disappears from routing instance after reboot |
| VRRP | VRVDR-39710 | When rfc-compatibility is enabled in a VRRP instance, Vyatta does not respond to icmp requests |
| Dataplane | VRVDR-35474 | Transient packet drops observed during link up and on bgp convergence test |
| BGP | VRVDR-34995 | BGP Multipath for Inter-VRF Leaked Routes |
| IPsec/VPN | VRVDR-34842 | DMVPN: Spoke receives INVALID_ID_INFORAMTION after changing logging configuration on Hub |
| BGP | VRVDR-34097 | ibgp double recursive lookup uses first nh rather then second nh for path selection, thereby breaking best exit |
| L2TP | VRVDR-32770 | Fragmented packets over L2tpv3 are misordered |
| Logging | VRVDR-32588 | CLI should provide more information about syslog facilities |
| OSPF | VRVDR-32155 | OSPF TE Database not populated when opaque-lsa is disabled then re-enabled |
| Hypervisor | VRVDR-31751 | Console of guest VM is inactive |
| DMVPN | VRVDR-29153 | show vpn ipsec sa displays a bogus peer with IP address 0.0.0.0 |