Defects
The defects that have been resolved in this release are detailed in this section.
Resolved security vulnerabilities
Security issues have been resolved in this release.
When multiple CVE numbers are addressed in a single issue, the highest CVSS score is listed.
For more information on Debian advisories, see https://www.debian.org/security.
| Issue Number | CVSS score | Debian Advisory | Summary |
|---|---|---|---|
| VRVDR-45253 | 7.5 | DSA 4375-1 | CVE-2019-3813: spice - security update |
| VRVDR-45035 | 7.8 | DSA 4367-1 | CVE-2018-16864, CVE-2018-16865, CVE-2018-16866: systemd - security update |
| VRVDR-44747 | 8.8 | DSA 4350-1 | CVE-2018-19788: policykit-1 - security update |
| VRVDR-44634 | 8.8 | DSA 4349-1 | CVE-2017-11613, CVE-2017-17095, CVE-2018-10963, CVE-2018-15209, CVE-2018-16335, CVE-2018-17101, CVE-2018-18557, CVE-2018-5784, CVE-2018-7456, CVE-2018-8905: tiff - security update |
| VRVDR-44633 | 7.5 | DSA 4348-1 | CVE-2018-0732, CVE-2018-0734, CVE-2018-0735, CVE-2018-0737, CVE-2018-5407: openssl - security update |
| VRVDR-44611 | 9.8 | DSA 4347-1 | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314: perl - security update |
| VRVDR-44371 | 8.1 | DSA 4339-1 | CVE-2017-7519, CVE-2018-10861, CVE-2018-1128, CVE-2018-1129: ceph - security update |
| VRVDR-44348 | 9.8 | DSA 4338-1 | CVE-2018-10839, CVE-2018-17962, CVE-2018-17963: qemu – security update |
| VRVDR-43264 | 5.6 | DSA 4274-1 | CVE-2018-3620, CVE-2018-3646: xen – security update |
Resolved issues
Customer issues have been resolved in this release.
| Component | Issue number | Priority | Summary |
|---|---|---|---|
| ALG | VRVDR-44914 | Critical | RPC ALG crash on both members of HA pair |
| Bonding | VRVDR-45343 | Minor | 802.3ad bond reports itself as half-duplex |
| Config Sync | VRVDR-45466 | Minor | IPv6 address not abbreviated when config is loaded via PXE boot causing config-sync issues |
| Dataplane | VRVDR-44406 | Critical | Dataplane performance impacted by ICMP redirects sent in improper scenario |
| Flow Accouting | VRVDR-44076 | Major | Memory leak in flow-monitoring leading to dataplane seg-fault and outage |
| IPsec | VRVDR-44657 | Major | IKEv1 re-key collision causes VTI interface to stay down when tunnels are up |
| IPv6 | VRVDR-44517 | Minor | Dataplane crashes with panic in rte_ipv6_fragment_packet |
| Kernel | VRVDR-44560 | Major | Multiple rcu_sched CPU stalls pointing to ip_gre driver |
| NAT | VRVDR-44178 | Major | NAT drops minimum sized (8 bytes of trigger payload) ICMP error packets |
| NAT | VRVDR-44985 | Minor | DNAT and input firewall logging/order of operation |
| OSPF | VRVDR-44803 | Minor | OSPF duplicate router-id log messages |
| RIB | VRVDR-44941 | Minor | Static route missing in kernel due to brief VTI interface flap |
Known issues
The known issues in this release have been identified.
| Component | Issue number | Priority | Summary |
|---|---|---|---|
| REST API | VRVDR-45807 | Critical | REST API & user isolation: op command "spawn" outside the sandbox |
| Dataplane | VRVDR-45565 | Minor | Output H/W queue drops incrementing after upgrading from 5400 to 5600 1801u |
| VRRP | VRVDR-45187 | Minor | Customer has multiple Vyattas on 1801r and they are all showing a six hour offset when it comes to VRRP last transition time |