Patch release notes 1908d
Release notes for Vyatta NOS 1908d, released January 23, 2020.
Issues resolved
Issues resolved in release 1908d.
Issue number | Priority | Summary |
---|---|---|
VRVDR-49185 | Blocker | IP Packet Filter not applied at bootup |
VRVDR-48892 | Blocker | Ping failure with storm-control and QoS |
VRVDR-48891 | Blocker | Dataplane crashed while changing PTP configuration |
VRVDR-48728 | Blocker | Network link down observed with VM built from vyatta-1908b-amd64-vrouter_20191010T1100-amd64-Build3.14.hybrid.iso |
VRVDR-44104 | Blocker | Creating a switch interface doesn't work with QinQ |
VRVDR-49618 | Critical | Servo notifications always using attVrouterPtpServoFailure |
VRVDR-49246 | Critical | Flexware stops forwarding pkts over hardware switch after flooding unknown unicasts |
VRVDR-48960 | Critical | SIAD - audit logs with no priority default to syslog level NOTICE, and are overly chatty |
VRVDR-48820 | Critical | PTP: master not tracked correctly across port changes |
VRVDR-48720 | Critical | PTP: assert in IDTStackAdaptor_UpdateBestMasterSelection |
VRVDR-48660 | Critical | No rotation occurring for /var/log/messages |
VRVDR-48461 | Critical | SNMP Not working in 1908a |
VRVDR-49426 | Major | Mellanox-100G: kernel interface shows up even when data plane is stopped |
VRVDR-49391 | Major | Disable (by default) logging of the time adjustments by the IDT servo |
VRVDR-49223 | Major | Hardware CPP rate limiter feature accepted packet count not working |
VRVDR-49137 | Major | Syslog rate-limit not respected for above 65000 messages per interval |
VRVDR-49020 | Major | RA VPN: Spoke not forwarding with ESP: Replay check failed for SPI logs |
VRVDR-48850 | Major | PTP: Frequently logging Slave Unavailable/Available message in the console log |
VRVDR-48585 | Major | ICMP Unreachable not returned when decrypted IPSec packet is too large to pass tunnel interface MTU |
VRVDR-47203 | Major | 1903d yang package fatal error |
VRVDR-48992 | Minor | Syslog generates message Child xxxxx has terminated, reaped by main-loop at wrong priority |
VRVDR-47002 | Minor | PTP: network information is not cleared from disabled (skipped) ports during reconfiguration |
Security vulnerabilities resolved
Security vulnerabilities resolved in release 1908d.
Issue number | CVSS | Advisory | Summary |
---|---|---|---|
VRVDR-49450 | 9.8 | DSA-4587-1 | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255: Debian DSA-4587-1: ruby2.3 – security update |
VRVDR-48133 | 8.8 | DSA-4512-1 | CVE-2019-13164, CVE-2019-14378: Debian DSA-4512-1: qemu – security update |
VRVDR-47885 | 8.1 | DSA-4495-1 | CVE-2018-20836, CVE-2019-1125, CVE-2019-1999, CVE-2019-10207, CVE-2019-10638, CVE-2019-12817, CVE-2019-12984, CVE-2019-13233, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284: Debian DSA-4495-1: linux – security update |
VRVDR-49477 | 7.5 | DSA-4591-1 | CVE-2019-19906: Debian DSA-4591-1: cyrus-sasl2 – security update |
VRVDR-48691 | 7.5 | DSA-4544-1 | CVE-2019-16866: Debian DSA-4544-1: unbound – security update |
VRVDR-48132 | 7.5 | DSA-4511-1 | CVE-2019-9511, CVE-2019-9513: Debian DSA-4511-1: nghttp2 – security update |
VRVDR-49155 | 7.2 | N/A | CVE-2018-5265: Devices allow remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the alias or ips parameter for shell metacharacters. |
VRVDR-49486 | 5.3 | DSA-4594-1 | CVE-2019-1551: Debian DSA-4594-1: openssl1.0 – security update |